GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
327 advisories
An exploitable code execution vulnerability exists in the Levin deserialization functionality of...
Critical | Unreviewed | CVE-2018-3972 was published May 13, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function...
Critical | Unreviewed | CVE-2022-29363 was published May 13, 2022
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a...
Critical | Unreviewed | CVE-2020-23620 was published May 4, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered...
Critical | Unreviewed | CVE-2020-23621 was published May 4, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of...
Critical | Unreviewed | CVE-2022-44542 was published Nov 1, 2022
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
Critical | Unreviewed | CVE-2022-40889 was published Oct 18, 2022
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe...
Critical | Unreviewed | CVE-2020-26867 was published May 24, 2022
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some...
Critical | Unreviewed | CVE-2022-2870 was published Aug 18, 2022
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by...
Critical | Unreviewed | CVE-2022-46478 was published Jan 13, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network...
Critical | Unreviewed | CVE-2022-41779 was published Nov 1, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied...
Critical | Unreviewed | CVE-2022-38142 was published Nov 1, 2022
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording...
Critical | Unreviewed | CVE-2022-31199 was published Nov 8, 2022
Deserialization of Untrusted Data vulnerability in the message processing component of...
Critical | Unreviewed | CVE-2022-2830 was published Sep 6, 2022
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the...
Critical | Unreviewed | CVE-2022-3900 was published Dec 12, 2022
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation...
Critical | Unreviewed | CVE-2022-39008 was published Sep 17, 2022
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure...
Critical | Unreviewed | CVE-2021-42237 was published May 24, 2022
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks...
Critical | Unreviewed | CVE-2019-19810 was published May 24, 2022
Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data...
Critical | Unreviewed | CVE-2021-40719 was published May 24, 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX...
Critical | Unreviewed | CVE-2022-24082 was published Jul 20, 2022
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code...
Critical | Unreviewed | CVE-2021-42090 was published May 24, 2022
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR...
Critical | Unreviewed | CVE-2021-40102 was published May 24, 2022
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All...
Critical | Unreviewed | CVE-2021-37181 was published May 24, 2022
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute...
Critical | Unreviewed | CVE-2021-39392 was published May 24, 2022
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml...
Critical | Unreviewed | CVE-2021-34066 was published May 24, 2022
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
Critical | Unreviewed | CVE-2021-37544 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.