Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

108 advisories

Loading
A devgroupselect expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7146 was published May 24, 2022
A ifviewselectpage expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7154 was published May 24, 2022
A select expression language injection remote code execution vulnerability was discovered in HPE... Critical Unreviewed
CVE-2020-7155 was published May 24, 2022
A operatorgroupselectcontent expression language injection remote code execution vulnerability... Critical Unreviewed
CVE-2020-7162 was published May 24, 2022
A operationselect expression language injection remote code execution vulnerability was... Critical Unreviewed
CVE-2020-7164 was published May 24, 2022
A wmiconfigcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7177 was published May 24, 2022
A ictexpertdownload expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7180 was published May 24, 2022
A smsrulesdownload expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7181 was published May 24, 2022
A forwardredirect expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7183 was published May 24, 2022
A tvxlanlegend expression language injection remote code execution vulnerability was discovered... High Unreviewed
CVE-2020-7185 was published May 24, 2022
A reportpage index expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7187 was published May 24, 2022
A userselectpagingcontent expression language injection remote code execution vulnerability was... High Unreviewed
CVE-2020-7188 was published May 24, 2022
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList... High Unreviewed
CVE-2020-26565 was published May 24, 2022
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access... High Unreviewed
CVE-2021-32834 was published May 24, 2022
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the... High Unreviewed
CVE-2019-9041 was published May 13, 2022
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. High Unreviewed
CVE-2018-16621 was published May 13, 2022
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and... Critical Unreviewed
CVE-2019-5916 was published May 13, 2022
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Expression Language Injection in Netflix Conductor Critical
CVE-2020-9296 was published for com.netflix.conductor:conductor-core (Maven) Feb 10, 2022
Expression Language Injection in Apache Syncope Critical
CVE-2020-1959 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Liima before 1.17.28 allows server-side template injection. Critical Unreviewed
CVE-2023-26092 was published Feb 20, 2023
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2023-27821 was published Mar 28, 2023
Improper Input Validation in GeoServer High
CVE-2022-24847 was published for org.geoserver:gs-main (Maven) Apr 22, 2022
kurt-r2c
Credited to kurt-r2c
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 ... Moderate Unreviewed
CVE-2022-34466 was published Jul 13, 2022
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured Critical
CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Mar 4, 2022
suprstarrd
Credited to suprstarrd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database