GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
201 advisories
Filter by severity
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Critical
CVE-2023-36825
was published
for
orchid/platform
(Composer)
Jul 11, 2023
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
xxl-rpc deserialization vulnerability
Critical
CVE-2023-33496
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Jun 7, 2023
glazedlists XML Deserialization vulnerability
Critical
CVE-2023-31890
was published
for
com.glazedlists:glazedlists
(Maven)
May 16, 2023
Apache Linkis DatasourceManager module has deserialization vulnerability
Critical
CVE-2023-29216
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Apr 10, 2023
Apache Linkis JDBC EngineConn has deserialization vulnerability
Critical
CVE-2023-29215
was published
for
org.apache.linkis:linkis-engineconn
(Maven)
Apr 10, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-23638
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 8, 2023
LiteDB may deserialize bad JSON on object type using _type
Critical
CVE-2022-23535
was published
for
LiteDB
(NuGet)
Feb 24, 2023
Deserialization of Untrusted Data in thinkphp
Critical
CVE-2022-45982
was published
for
topthink/think
(Composer)
Feb 8, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24997
was published
for
org.apache.inlong:inlong
(Maven)
Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24162
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
replicator vulnerable to Deserialization of Untrusted Data
Critical
CVE-2021-33420
was published
for
replicator
(npm)
Dec 15, 2022
Apache Tapestry allows deserialization of untrusted data
Critical
CVE-2022-46366
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Dec 2, 2022
Unsafe deserialization in Apache MINA SSHD
Critical
CVE-2022-45047
was published
for
org.apache.sshd:sshd-common
(Maven)
Nov 16, 2022
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
Hessian Lite for Apache Dubbo deserialization vulnerability
Critical
CVE-2022-39198
was published
for
com.alibaba:hessian-lite
(Maven)
Oct 19, 2022
MySQL JDBC deserialization vulnerability
Critical
CVE-2022-39312
was published
for
io.dataease:dataease-plugin-common
(Maven)
Oct 18, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical
CVE-2018-17057
was published
for
fooman/tcpdf
(Composer)
Oct 6, 2022
ProTip!
Advisories are also available from the
GraphQL API