GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
596 advisories
Filter by severity
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11111
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14892
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10673
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14893
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Potential remote code execution in Apache Tomcat
High
CVE-2020-9484
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 21, 2020
Possible Strong Parameters Bypass in ActionPack
High
CVE-2020-8164
was published
for
actionpack
(RubyGems)
May 26, 2020
Phar unserialization vulnerability in phpMussel
High
CVE-2020-4043
was published
for
Maikuolan/phpMussel
(Composer)
Jun 10, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11112
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 10, 2020
Deserialization of Untrusted Data
High
CVE-2018-12023
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
Insecure Deserialization in Apache Commons Beanutils
High
CVE-2019-10086
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 15, 2020
Insecure Deserialization in Apache Commons Collection
High
CVE-2015-6420
was published
for
commons-collections:commons-collections
(Maven)
Jun 15, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14195
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14060
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14062
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14061
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Insecure serialization leading to RCE in serialize-javascript
High
CVE-2020-7660
was published
for
serialize-javascript
(npm)
Aug 11, 2020
Unsafe deserialization in Yii 2
High
CVE-2020-15148
was published
for
yiisoft/yii2
(Composer)
Sep 15, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
Potential remote code execution in Apache Tomcat
High
CVE-2021-25329
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 19, 2021
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Deserialization of Untrusted Data in PyYAML
High
CVE-2019-20477
was published
for
pyyaml
(pip)
Apr 20, 2021
ProTip!
Advisories are also available from the
GraphQL API