GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
108 advisories
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Improper Input Validation in Jakarta Expression Language
Moderate
CVE-2021-28170
was published
for
com.sun.el:el-ri
(Maven)
Oct 6, 2021
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate
CVE-2022-23504
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
ProTip!
Advisories are also available from the
GraphQL API