Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

154 advisories

Loading
Deserialization of Untrusted Data in Apache Heron High
CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) Jan 6, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
"Deserialization errors in MyBatis" High
CVE-2020-26945 was published for org.mybatis:mybatis (Maven) Apr 22, 2021
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Unsafe Deserialization that can Result in Code Execution High
CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven) Dec 10, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Deserialization of Untrusted Data in Apache Tomcat High
CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14061 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11112 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 10, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14893 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Apache InLong vulnerable to Deserialization of Untrusted Data High
CVE-2022-40955 was published for org.apache.inlong:inlong-common (Maven) Sep 21, 2022
RCE vulnerability in Jenkins DotCi Plugin High
CVE-2022-41237 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
Apache Linkis subject to Remote Code Execution via deserialization High
CVE-2022-39944 was published for org.apache.linkis:linkis (Maven) Oct 26, 2022
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider High
CVE-2018-1051 was published for org.jboss.resteasy:resteasy-yaml-provider (Maven) May 13, 2022
Apache NiFi JMS Deserialization issue High
CVE-2018-1310 was published for org.apache.nifi:nifi (Maven) May 14, 2022
Deserialization of Untrusted Data in Apache Brooklyn High
CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
Remote Code Execution vulnerability in Jenkins Literate Plugin High
CVE-2020-2158 was published for org.jenkins-ci.plugins:literate (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API