GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
89 advisories
Filter by severity
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST...
High
Unreviewed
CVE-2026-57281
was published
Jun 24, 2026
Improper neutralization of special elements used in an expression language statement ('expression...
Moderate
Unreviewed
CVE-2026-11561
was published
Jun 11, 2026
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious...
Moderate
Unreviewed
CVE-2026-40985
was published
Jun 11, 2026
A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is...
Moderate
Unreviewed
CVE-2026-41719
was published
Jun 10, 2026
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when...
High
Unreviewed
CVE-2026-41729
was published
Jun 10, 2026
Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection...
High
Unreviewed
CVE-2026-41717
was published
Jun 10, 2026
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server...
High
Unreviewed
CVE-2026-8888
was published
Jun 3, 2026
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression...
Moderate
Unreviewed
CVE-2026-31380
was published
May 19, 2026
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron...
High
Unreviewed
CVE-2026-26462
was published
May 18, 2026
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in...
Critical
Unreviewed
CVE-2026-34714
was published
Mar 30, 2026
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression...
High
Unreviewed
CVE-2025-11175
was published
Jan 30, 2026
An improper neutralization of inputs used in expression
language allows remote code execution...
Critical
Unreviewed
CVE-2025-3322
was published
Jun 6, 2025
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
is vulnerable to an...
Critical
Unreviewed
CVE-2024-51466
was published
Dec 20, 2024
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be...
Moderate
Unreviewed
CVE-2024-9672
was published
Dec 10, 2024
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by...
Moderate
Unreviewed
CVE-2024-7552
was published
Aug 6, 2024
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris...
High
Unreviewed
CVE-2024-5828
was published
Aug 6, 2024
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51593
was published
May 3, 2024
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code...
High
Unreviewed
CVE-2024-0715
was published
Feb 20, 2024
Archive, check and export commands in Chef InSpec
prior to 4.56.58 and 5.22.29 allow local...
High
Unreviewed
CVE-2023-42658
was published
Oct 31, 2023
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux,...
Critical
Unreviewed
CVE-2022-4146
was published
Jul 18, 2023
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical
Unreviewed
CVE-2023-27821
was published
Mar 28, 2023
Liima before 1.17.28 allows server-side template injection.
Critical
Unreviewed
CVE-2023-26092
was published
Feb 20, 2023
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 ...
Moderate
Unreviewed
CVE-2022-34466
was published
Jul 13, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2022-26134
was published
Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2021-26084
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API