GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
596 advisories
Filter by severity
Deserialization of Untrusted Data in Log4j 1.x
High
CVE-2022-23302
was published
for
log4j:log4j
(Maven)
Jan 21, 2022
Insecure Java Deserialization in Apache Karaf
High
CVE-2021-41766
was published
for
org.apache.karaf.management:org.apache.karaf.management.server
(Maven)
Jan 28, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading...
High
Unreviewed
CVE-2021-42631
was published
Feb 1, 2022
Denial of Service by injecting highly recursive collections or maps in XStream
High
CVE-2021-43859
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Feb 1, 2022
Arbitrary code execution in Apache ServiceComb java-chassis
High
CVE-2020-17532
was published
for
org.apache.servicecomb:java-chassis
(Maven)
Feb 9, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability.
High
Unreviewed
CVE-2022-22005
was published
Feb 10, 2022
Deserialization of Untrusted Data in Apache ShardingSphere
High
CVE-2020-1947
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Feb 10, 2022
Gadget chain attack in Nippy
High
CVE-2020-24164
was published
for
com.taoensso:nippy
(Maven)
Feb 10, 2022
Deserialization of Untrusted Data in Magnolia CMS
High
CVE-2021-46364
was published
for
info.magnolia:magnolia-core
(Maven)
Feb 12, 2022
In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization...
High
Unreviewed
CVE-2021-39676
was published
Feb 12, 2022
Deserialization of untrusted data in Apache Cayenne
High
CVE-2022-24289
was published
for
org.apache.cayenne:cayenne-server
(Maven)
Feb 12, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
High
Unreviewed
CVE-2022-0138
was published
Feb 19, 2022
A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to...
High
Unreviewed
CVE-2022-24282
was published
Mar 9, 2022
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users...
High
Unreviewed
CVE-2022-23940
was published
Mar 11, 2022
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x...
High
Unreviewed
CVE-2022-26503
was published
Mar 18, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects...
High
Unreviewed
CVE-2021-27475
was published
Mar 24, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater...
High
Unreviewed
CVE-2022-1032
was published
Mar 30, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an...
High
Unreviewed
CVE-2022-20763
was published
Apr 7, 2022
Arbitrary Code Execution in Cookie Serialization
High
CVE-2017-1000053
was published
for
plug
(Erlang)
Apr 12, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code...
High
Unreviewed
CVE-2022-22957
was published
Apr 14, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker...
High
Unreviewed
CVE-2019-6834
was published
Apr 14, 2022
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360...
High
Unreviewed
CVE-2021-21956
was published
Apr 15, 2022
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to...
High
Unreviewed
CVE-2003-0791
was published
Apr 29, 2022
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code...
High
Unreviewed
CVE-2022-29936
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API