Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

327 advisories

Loading
An exploitable code execution vulnerability exists in the Levin deserialization functionality of... Critical Unreviewed
CVE-2018-3972 was published May 13, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed
CVE-2022-29363 was published May 13, 2022
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a... Critical Unreviewed
CVE-2020-23620 was published May 4, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed
CVE-2020-23621 was published May 4, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of... Critical Unreviewed
CVE-2022-44542 was published Nov 1, 2022
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Critical Unreviewed
CVE-2022-40889 was published Oct 18, 2022
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe... Critical Unreviewed
CVE-2020-26867 was published May 24, 2022
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some... Critical Unreviewed
CVE-2022-2870 was published Aug 18, 2022
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by... Critical Unreviewed
CVE-2022-46478 was published Jan 13, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network... Critical Unreviewed
CVE-2022-41779 was published Nov 1, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied... Critical Unreviewed
CVE-2022-38142 was published Nov 1, 2022
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording... Critical Unreviewed
CVE-2022-31199 was published Nov 8, 2022
Deserialization of Untrusted Data vulnerability in the message processing component of... Critical Unreviewed
CVE-2022-2830 was published Sep 6, 2022
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the... Critical Unreviewed
CVE-2022-3900 was published Dec 12, 2022
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation... Critical Unreviewed
CVE-2022-39008 was published Sep 17, 2022
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure... Critical Unreviewed
CVE-2021-42237 was published May 24, 2022
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks... Critical Unreviewed
CVE-2019-19810 was published May 24, 2022
Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data... Critical Unreviewed
CVE-2021-40719 was published May 24, 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX... Critical Unreviewed
CVE-2022-24082 was published Jul 20, 2022
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code... Critical Unreviewed
CVE-2021-42090 was published May 24, 2022
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR... Critical Unreviewed
CVE-2021-40102 was published May 24, 2022
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All... Critical Unreviewed
CVE-2021-37181 was published May 24, 2022
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute... Critical Unreviewed
CVE-2021-39392 was published May 24, 2022
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml... Critical Unreviewed
CVE-2021-34066 was published May 24, 2022
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. Critical Unreviewed
CVE-2021-37544 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API