Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Nexus Repository Manager 3 - Remote Code Execution High
CVE-2020-10199 was published for org.sonatype.nexus:nexus-extdirect (Maven) Apr 14, 2020
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks Credited to isometriks and tdunlap607 tdunlap607 tdunlap607
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Improper Input Validation in GeoServer High
CVE-2022-24847 was published for org.geoserver:gs-main (Maven) Apr 22, 2022
kurt-r2c Credited to kurt-r2c
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal Credited to amita-seal and sunSUNQ sunSUNQ sunSUNQ
Apache Jena Expression Language Injection vulnerability High
CVE-2023-32200 was published for org.apache.jena:jena (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-45855 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-42009 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Hutool allows remote code execution (RCE) via the QLExpressEngine class High
CVE-2025-56769 was published for cn.hutool:hutool-extra (Maven) Sep 26, 2025
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection High
CVE-2025-41253 was published for org.springframework.cloud:spring-cloud-gateway-server (Maven) Oct 16, 2025
scottfrederick Credited to scottfrederick
JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter High
CVE-2026-22729 was published for org.springframework.ai:spring-ai-vector-store (Maven) Mar 18, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database