Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter High
CVE-2026-22729 was published for org.springframework.ai:spring-ai-vector-store (Maven) Mar 18, 2026
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection High
CVE-2025-41253 was published for org.springframework.cloud:spring-cloud-gateway-server (Maven) Oct 16, 2025
scottfrederick Credited to scottfrederick
Hutool allows remote code execution (RCE) via the QLExpressEngine class High
CVE-2025-56769 was published for cn.hutool:hutool-extra (Maven) Sep 26, 2025
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-42009 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-45855 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Jena Expression Language Injection vulnerability High
CVE-2023-32200 was published for org.apache.jena:jena (Maven) Jul 12, 2023
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal Credited to amita-seal and sunSUNQ sunSUNQ sunSUNQ
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Improper Input Validation in GeoServer High
CVE-2022-24847 was published for org.geoserver:gs-main (Maven) Apr 22, 2022
kurt-r2c Credited to kurt-r2c
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks Credited to isometriks and tdunlap607 tdunlap607 tdunlap607
Nexus Repository Manager 3 - Remote Code Execution High
CVE-2020-10199 was published for org.sonatype.nexus:nexus-extdirect (Maven) Apr 14, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database