GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
152 advisories
Unsafe Deserialization in jackson-databind
High • CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) • Dec 9, 2021

Code Injection in jackson-databind
High • CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) • Dec 9, 2021

Polymorphic deserialization of malicious object in jackson-databind
High • CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) • May 15, 2020

Restlet Arbitrary Java Code Execution via a serialized object
High • CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) • May 17, 2022

Wildfly Unsafe Deserialization Vulnerability
High • CVE-2020-10740 was published for org.wildfly:wildfly-parent (Maven) • May 24, 2022

OpenNMS Horizon RCE via Unsafe Deserialization
High • CVE-2020-12760 was published for org.opennms.core:org.opennms.core.daemon (Maven) • May 24, 2022

jackson-databind before 2.9.10.4 vulnerable to unsafe deserialization
High • CVE-2020-10650 was published for com.fasterxml.jackson.core:jackson-databind (Maven) • Jul 15, 2022

Apache Tapestry Unsafe Object Storage
High • CVE-2014-1972 was published for org.apache.tapestry:tapestry-core (Maven) • May 13, 2022

Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
High • CVE-2023-25194 was published for org.apache.kafka:connect (Maven) • Feb 7, 2023

XStream can cause Denial of Service via stack overflow
High • CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) • Dec 29, 2022

XStream is vulnerable to a Remote Command Execution attack
High • CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) • Aug 25, 2021

Insecure Deserialization in Apache Commons Collection
High • CVE-2015-6420 was published for commons-collections:commons-collections (Maven) • Jun 15, 2020

Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data
High • CVE-2020-15777 was published for com.gradle:gradle-enterprise-maven-extension (Maven) • May 24, 2022

Deserialization of Untrusted Data in Infinispan
High • CVE-2017-15089 was published for org.infinispan:infinispan-core (Maven) • May 14, 2022

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High • CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) • Mar 10, 2023

Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
High • CVE-2023-27296 was published for org.apache.inlong:inlong-manager (Maven) • Mar 27, 2023

RubyGems Deserialization of Untrusted Data vulnerability
High • CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) • May 14, 2022

Apache Linkis contains Deserialization of Untrusted Data
High • CVE-2022-44645 was published for org.apache.linkis:linkis (Maven) • Jan 31, 2023

Deserialization of untrusted data in Apache Cayenne
High • CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) • Feb 12, 2022

Deserialization of Untrusted Data in Magnolia CMS
High • CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) • Feb 12, 2022

Potential remote code execution in Apache Tomcat
High • CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Mar 19, 2021

Deserialization of Untrusted Data in com.jsoniter:jsoniter
High • CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) • Sep 20, 2021 • withdrawn

Deserialization of Untrusted Data in Apache Camel RabbitMQ
High • CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) • May 21, 2021

Deserialization of Untrusted Data in Apache Heron
High • CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) • Jan 6, 2022

Gadget chain attack in Nippy
High • CVE-2020-24164 was published for com.taoensso:nippy (Maven) • Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API.