GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
370 advisories
Filter by severity
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due...
High
Unreviewed
CVE-2017-13286
was published
May 13, 2022
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0,...
High
Unreviewed
CVE-2017-10803
was published
May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
High
Unreviewed
CVE-2017-1000148
was published
May 13, 2022
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product:...
High
Unreviewed
CVE-2017-0806
was published
May 13, 2022
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray...
High
Unreviewed
CVE-2016-0750
was published
May 13, 2022
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x,...
High
Unreviewed
CVE-2016-8648
was published
May 13, 2022
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version...
High
Unreviewed
CVE-2017-3201
was published
May 13, 2022
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach...
High
Unreviewed
CVE-2018-12539
was published
May 13, 2022
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017...
High
Unreviewed
CVE-2018-7529
was published
May 13, 2022
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0...
High
Unreviewed
CVE-2017-14141
was published
May 13, 2022
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS...
High
Unreviewed
CVE-2010-4574
was published
May 13, 2022
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting...
High
Unreviewed
CVE-2017-1000195
was published
May 13, 2022
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize...
High
Unreviewed
CVE-2010-3258
was published
May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files...
High
Unreviewed
CVE-2019-9055
was published
May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class...
High
Unreviewed
CVE-2019-9056
was published
May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to...
High
Unreviewed
CVE-2019-9057
was published
May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action...
High
Unreviewed
CVE-2019-9061
was published
May 13, 2022
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus'...
High
Unreviewed
CVE-2018-18589
was published
May 13, 2022
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize...
High
Unreviewed
CVE-2018-15576
was published
May 13, 2022
** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2...
High
Unreviewed
CVE-2017-8804
was published
May 13, 2022
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows...
High
Unreviewed
CVE-2018-16364
was published
May 13, 2022
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent...
High
Unreviewed
CVE-2016-4483
was published
May 13, 2022
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state...
High
Unreviewed
CVE-2018-15686
was published
May 13, 2022
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A...
High
Unreviewed
CVE-2016-9045
was published
May 13, 2022
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ...
High
Unreviewed
CVE-2022-1463
was published
May 11, 2022
ProTip!
Advisories are also available from the
GraphQL API