Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
A accessmgrservlet classname deserialization of untrusted data remote code execution... Critical Unreviewed
CVE-2020-24648 was published May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... Critical Unreviewed
CVE-2020-10656 was published May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... Critical Unreviewed
CVE-2020-10655 was published May 24, 2022
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security... Critical Unreviewed
CVE-2020-27131 was published May 24, 2022
Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote... Critical Unreviewed
CVE-2020-5664 was published May 24, 2022
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1... Critical Unreviewed
CVE-2022-29805 was published Aug 20, 2022
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. Critical Unreviewed
CVE-2019-15780 was published May 24, 2022
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a... Critical Unreviewed
CVE-2022-24108 was published May 18, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare... Critical Unreviewed
CVE-2022-38652 was published Nov 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability... Critical Unreviewed
CVE-2022-38650 was published Nov 12, 2022
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6... Critical Unreviewed
CVE-2022-4120 was published Dec 26, 2022
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured... Critical Unreviewed
CVE-2016-6330 was published May 17, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... Critical Unreviewed
CVE-2022-33318 was published Jul 21, 2022
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON... Critical Unreviewed
CVE-2019-16891 was published May 24, 2022
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2016-6199 was published May 17, 2022
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML... Critical Unreviewed
CVE-2017-5983 was published May 17, 2022
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation... Critical Unreviewed
CVE-2022-35223 was published Aug 3, 2022
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. Critical Unreviewed
CVE-2021-41419 was published Jul 19, 2022
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to... Critical Unreviewed
CVE-2017-9363 was published May 17, 2022
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary... Critical Unreviewed
CVE-2016-3690 was published May 17, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). Critical Unreviewed
CVE-2018-18446 was published Oct 13, 2022
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux... Critical Unreviewed
CVE-2016-7050 was published May 17, 2022
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2017-9424 was published May 17, 2022
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because... Critical Unreviewed
CVE-2022-35857 was published Jul 14, 2022
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi... Critical Unreviewed
CVE-2017-9830 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API