GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Nexus Repository Manager 3 - Remote Code Execution
High
CVE-2020-10199
was published
for
org.sonatype.nexus:nexus-extdirect
(Maven)
Apr 14, 2020
Expression Language Injection in Apache Struts
Critical
CVE-2021-31805
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 13, 2022
SpEL Injection in Spring Data MongoDB
Critical
CVE-2022-22980
was published
for
org.springframework.data:spring-data-mongodb
(Maven)
Jun 24, 2022
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Critical
CVE-2022-23463
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
RichFaces vulnerable to Expression Language Injection
Critical
CVE-2018-12532
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Arbitrary code execution in Richfaces
Critical
CVE-2018-12533
was published
for
org.richfaces:richfaces-core
(Maven)
May 13, 2022
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Remote code execution in Apache Struts
Critical
CVE-2020-17530
was published
for
org.apache.struts:struts2-core
(Maven)
Feb 9, 2022
Expression Language Injection in Netflix Conductor
Critical
CVE-2020-9296
was published
for
com.netflix.conductor:conductor-core
(Maven)
Feb 10, 2022
Expression Language Injection in Apache Syncope
Critical
CVE-2020-1959
was published
for
org.apache.syncope:syncope-core
(Maven)
Jun 16, 2021
Improper Input Validation in Jakarta Expression Language
Moderate
CVE-2021-28170
was published
for
com.sun.el:el-ri
(Maven)
Oct 6, 2021
Improper Input Validation in GeoServer
High
CVE-2022-24847
was published
for
org.geoserver:gs-main
(Maven)
Apr 22, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical
CVE-2022-22947
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Mar 4, 2022
Apache Ambari Expression Language Injection vulnerability
High
CVE-2022-42009
was published
for
org.apache.ambari:ambari
(Maven)
Jul 12, 2023
Apache Jena Expression Language Injection vulnerability
High
CVE-2023-32200
was published
for
org.apache.jena:jena
(Maven)
Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability
High
CVE-2022-45855
was published
for
org.apache.ambari:ambari
(Maven)
Jul 12, 2023
Arbitrary javascript injection in Apache Jena
Moderate
CVE-2023-22665
was published
for
org.apache.jena:jena
(Maven)
Apr 25, 2023
Apache MyFaces Vulnerable to EL Injection
High
CVE-2011-4343
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
May 17, 2022
Apache Tiles Vulnerable to XSS via EL Expression Injection
Moderate
CVE-2009-1275
was published
for
org.apache.tiles:tiles-core
(Maven)
May 2, 2022
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
ProTip!
Advisories are also available from the
GraphQL API