GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
596 advisories
Filter by severity
Apache Geode versions deserialization of untrusted datawhen using JMX over RMI on Java 11
High
CVE-2022-37022
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39153
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25259
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High
Unreviewed
CVE-2020-25260
was published
May 24, 2022
Deserialization of Untrusted Data in Infinispan
High
CVE-2018-1131
was published
for
org.infinispan:infinispan-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring-flex
High
CVE-2017-3203
was published
for
org.springframework.flex:spring-flex
(Maven)
May 13, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39139
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Spring Batch
High
CVE-2020-5411
was published
for
org.springframework.batch:spring-batch-core
(Maven)
May 24, 2022
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web...
High
Unreviewed
CVE-2019-5069
was published
May 24, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability...
High
Unreviewed
CVE-2022-36964
was published
Nov 29, 2022
Insecure Deserialization in Apache Commons Beanutils
High
CVE-2019-10086
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 15, 2020
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39147
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Hazelcast
High
CVE-2016-10750
was published
for
com.hazelcast:hazelcast
(Maven)
May 24, 2022
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of...
High
Unreviewed
CVE-2020-10189
was published
May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the...
High
Unreviewed
CVE-2020-4280
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25258
was published
May 24, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
High
CVE-2022-25863
was published
for
gatsby-plugin-mdx
(npm)
Jun 3, 2022
User account escalation in Apache Hadoop
High
CVE-2021-33036
was published
for
org.apache.hadoop:hadoop-yarn-server-common
(Maven)
Jun 16, 2022
ProTip!
Advisories are also available from the
GraphQL API