Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51593 was published May 3, 2024
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,... Critical Unreviewed
CVE-2022-4146 was published Jul 18, 2023
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured Critical
CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Mar 4, 2022
jbmagination
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression Critical
CVE-2022-22963 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Apr 3, 2022
Tsuki124
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2023-27821 was published Mar 28, 2023
Liima before 1.17.28 allows server-side template injection. Critical Unreviewed
CVE-2023-26092 was published Feb 20, 2023
Expression Language Injection in Apache Syncope Critical
CVE-2020-1959 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Expression Language Injection in Netflix Conductor Critical
CVE-2020-9296 was published for com.netflix.conductor:conductor-core (Maven) Feb 10, 2022
Remote code execution in Apache Struts Critical
CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven) Feb 9, 2022
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and... Critical Unreviewed
CVE-2019-5916 was published May 13, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-7155 was published May 24, 2022
A operatorgroupselectcontent expression language injection remote code execution vulnerability... Critical Unreviewed
CVE-2020-7162 was published May 24, 2022
A operationselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7164 was published May 24, 2022
A ifviewselectpage expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7154 was published May 24, 2022
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-24652 was published May 24, 2022
A devgroupselect expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7146 was published May 24, 2022
A syslogtempletselectwin expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-24651 was published May 24, 2022
A adddevicetoview expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7141 was published May 24, 2022
A reporttaskselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7161 was published May 24, 2022
A navigationto expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7163 was published May 24, 2022
A ictexpertcsvdownload expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7169 was published May 24, 2022
A deployselectbootrom expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7147 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API