Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be... Moderate Unreviewed
CVE-2024-9672 was published Dec 10, 2024
QOS.CH logback-core Expression Language Injection vulnerability Moderate
CVE-2024-12798 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou perexis
GoetzGoerisch pjfanning
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an... Critical Unreviewed
CVE-2024-51466 was published Dec 20, 2024
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader darth-hader
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2024-7552 was published Aug 6, 2024
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris... High Unreviewed
CVE-2024-5828 was published Aug 6, 2024
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat... Moderate Unreviewed
CVE-2010-1871 was published May 17, 2022
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51593 was published May 3, 2024
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,... Critical Unreviewed
CVE-2022-4146 was published Jul 18, 2023
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11,... Moderate Unreviewed
CVE-2019-11628 was published May 24, 2022
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code... High Unreviewed
CVE-2024-0715 was published Feb 20, 2024
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Apache Tiles Vulnerable to XSS via EL Expression Injection Moderate
CVE-2009-1275 was published for org.apache.tiles:tiles-core (Maven) May 2, 2022
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local... High Unreviewed
CVE-2023-42658 was published Oct 31, 2023
Arbitrary javascript injection in Apache Jena Moderate
CVE-2023-22665 was published for org.apache.jena:jena (Maven) Apr 25, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-45855 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Jena Expression Language Injection vulnerability High
CVE-2023-32200 was published for org.apache.jena:jena (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-42009 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured Critical
CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Mar 4, 2022
jbmagination
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database