Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

121 advisories

Loading
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Hessian Lite for Apache Dubbo deserialization vulnerability Critical
CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) Oct 19, 2022
MySQL JDBC deserialization vulnerability Critical
CVE-2022-39312 was published for io.dataease:dataease-plugin-common (Maven) Oct 18, 2022
aboutbo
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization Critical
CVE-2022-36944 was published for org.scala-lang:scala-library (Maven) Sep 25, 2022
lenaschoenburg lukaseder
alexkvak fernandomora joseraya adangel
Apache Geode vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-37021 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
raboof
Deserialization of Untrusted Data in Apache Tapestry Critical
CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) May 24, 2022
JFinal Java Deserialization Vulnerability Critical
CVE-2021-31649 was published for com.jfinal:jfinal (Maven) May 24, 2022
Deserialization of Untrusted Data in Liferay Portal Critical
CVE-2020-7961 was published for com.liferay.portal:com.liferay.portal-kernel (Maven) May 24, 2022
Deserialization of Untrusted Data in JYaml Critical
CVE-2020-8441 was published for org.jyaml:jyaml (Maven) May 24, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods Critical
CVE-2016-1000027 was published for org.springframework:spring-web (Maven) May 24, 2022
bclozel
Mulesoft Mule Unsafe Deserialization Critical
CVE-2019-13116 was published for org.mule.runtime:mule (Maven) May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
Deserialization of Untrusted Data in Spring AMQP Critical
CVE-2017-8045 was published for org.springframework.amqp:spring-amqp (Maven) May 17, 2022
Apache Geode unsafe deserialization in TcpServer Critical
CVE-2017-15692 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
Apache OpenMeetings RCE Critical
CVE-2016-8736 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Apache Camel camel-hessian component vulnerable to Java object deserialization Critical
CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer Critical
CVE-2017-3202 was published for com.exadel.flamingo.flex:amf-serializer (Maven) May 13, 2022
Jenkins CLI Deserialization of Untrusted Data vulnerability Critical
CVE-2015-8103 was published for org.jenkins-ci.main:cli (Maven) May 13, 2022
sunSUNQ
Deserialization of Untrusted Data in Apache commons collections Critical
CVE-2015-7501 was published for commons-collections:commons-collections (Maven) May 13, 2022
wtwhite
Deserialization of Untrusted Data in Jython Critical
CVE-2016-4000 was published for org.python:jython (Maven) May 13, 2022
Apache MyFaces Trinidad Deserialization Vulnerability Critical
CVE-2016-5019 was published for org.apache.myfaces.trinidad:trinidad (Maven) May 13, 2022
Deserialization of Untrusted Data in Groovy Critical
CVE-2016-6814 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SunBK201
Pippo RCE Vulnerability Critical
CVE-2018-18240 was published for ro.pippo:pippo-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API