Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

100 advisories

Loading
Nexus Repository Manager 3 - Remote Code Execution High
CVE-2020-10199 was published for org.sonatype.nexus:nexus-extdirect (Maven) Apr 14, 2020
Expression Language Injection in Apache Struts Critical
CVE-2021-31805 was published for org.apache.struts:struts2-core (Maven) Apr 13, 2022
SpEL Injection in Spring Data MongoDB Critical
CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022
rthorpeii
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution Critical
CVE-2022-23463 was published for com.nepxion:discovery (Maven) Sep 25, 2022
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and... Moderate Unreviewed
CVE-2020-3956 was published May 24, 2022
RichFaces vulnerable to Expression Language Injection Critical
CVE-2018-12532 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
Arbitrary code execution in Richfaces Critical
CVE-2018-12533 was published for org.richfaces:richfaces-core (Maven) May 13, 2022
A faulttrapgroupselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7151 was published May 24, 2022
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7179 was published May 24, 2022
A faultdevparasset expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7143 was published May 24, 2022
A soapconfigcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7174 was published May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-7170 was published May 24, 2022
A selectusergroup expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7168 was published May 24, 2022
A actionselectcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7173 was published May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7149 was published May 24, 2022
A faultinfo_content expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7156 was published May 24, 2022
A faultparasset expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7152 was published May 24, 2022
A iccselectcommand expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7165 was published May 24, 2022
A perfselecttask expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7158 was published May 24, 2022
A quicktemplateselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7167 was published May 24, 2022
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7176 was published May 24, 2022
A sshconfig expression language injection remote code execution vulnerability was discovered in... High Unreviewed
CVE-2020-7182 was published May 24, 2022
A comparefilesresult expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7144 was published May 24, 2022
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7194 was published May 24, 2022
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability... High Unreviewed
CVE-2020-7184 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API