GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
319 advisories
Filter by severity
A accessmgrservlet classname deserialization of untrusted data remote code execution...
Critical
Unreviewed
CVE-2020-24648
was published
May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
Critical
Unreviewed
CVE-2020-10656
was published
May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
Critical
Unreviewed
CVE-2020-10655
was published
May 24, 2022
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security...
Critical
Unreviewed
CVE-2020-27131
was published
May 24, 2022
Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote...
Critical
Unreviewed
CVE-2020-5664
was published
May 24, 2022
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1...
Critical
Unreviewed
CVE-2022-29805
was published
Aug 20, 2022
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
Critical
Unreviewed
CVE-2019-15780
was published
May 24, 2022
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a...
Critical
Unreviewed
CVE-2022-24108
was published
May 18, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare...
Critical
Unreviewed
CVE-2022-38652
was published
Nov 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability...
Critical
Unreviewed
CVE-2022-38650
was published
Nov 12, 2022
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6...
Critical
Unreviewed
CVE-2022-4120
was published
Dec 26, 2022
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured...
Critical
Unreviewed
CVE-2016-6330
was published
May 17, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
Critical
Unreviewed
CVE-2022-33318
was published
Jul 21, 2022
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON...
Critical
Unreviewed
CVE-2019-16891
was published
May 24, 2022
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a...
Critical
Unreviewed
CVE-2016-6199
was published
May 17, 2022
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML...
Critical
Unreviewed
CVE-2017-5983
was published
May 17, 2022
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation...
Critical
Unreviewed
CVE-2022-35223
was published
Aug 3, 2022
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
Critical
Unreviewed
CVE-2021-41419
was published
Jul 19, 2022
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to...
Critical
Unreviewed
CVE-2017-9363
was published
May 17, 2022
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary...
Critical
Unreviewed
CVE-2016-3690
was published
May 17, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
Critical
Unreviewed
CVE-2018-18446
was published
Oct 13, 2022
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux...
Critical
Unreviewed
CVE-2016-7050
was published
May 17, 2022
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2017-9424
was published
May 17, 2022
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because...
Critical
Unreviewed
CVE-2022-35857
was published
Jul 14, 2022
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi...
Critical
Unreviewed
CVE-2017-9830
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API