GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,351 advisories
Filter by severity
Object injection in PHPMailer/PHPMailer
Critical
CVE-2020-36326
was published
for
phpmailer/phpmailer
(Composer)
May 4, 2021
Insecure Deserialization of untrusted data in rmccue/requests
Critical
CVE-2021-29476
was published
for
rmccue/requests
(Composer)
Apr 29, 2021
Deserialization of Untrusted Data in Archive_Tar
High
CVE-2020-28948
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
"Deserialization errors in MyBatis"
High
CVE-2020-26945
was published
for
org.mybatis:mybatis
(Maven)
Apr 22, 2021
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Critical
CVE-2021-21426
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
Deserialization of Untrusted Data in PyYAML
High
CVE-2019-20477
was published
for
pyyaml
(pip)
Apr 20, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21351
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21350
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Moderate
CVE-2021-21348
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21347
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21346
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21344
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Moderate
CVE-2021-21343
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21342
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Potential remote code execution in Apache Tomcat
High
CVE-2021-25329
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 19, 2021
Execution of untrusted code through config file
Moderate
CVE-2021-21371
was published
for
tenable-jira-cloud
(pip)
Mar 10, 2021
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Unsafe deserialization in Yii 2
High
CVE-2020-15148
was published
for
yiisoft/yii2
(Composer)
Sep 15, 2020
Insecure serialization leading to RCE in serialize-javascript
High
CVE-2020-7660
was published
for
serialize-javascript
(npm)
Aug 11, 2020
Code execution in Spring Integration
Critical
CVE-2020-5413
was published
for
org.springframework.integration:spring-integration-core
(Maven)
Aug 5, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API