GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,880
Maven
5,000+
npm
3,602
NuGet
638
pip
3,204
Pub
10
RubyGems
852
Rust
815
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,313 advisories
Filter by severity
In the keystore library, there is a possible prevention of access to system Settings due to...
Moderate
Unreviewed
CVE-2022-20195
was published
Jun 16, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization...
Critical
Unreviewed
CVE-2017-4914
was published
May 17, 2022
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Moderate
CVE-2021-32828
was published
for
org.nuxeo.ecm.platform:nuxeo-platform-oauth
(Maven)
Jan 6, 2023
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical
Unreviewed
CVE-2022-44558
was published
Nov 10, 2022
Unserialized Pop Chain in Laravel
Critical
CVE-2022-31279
was published
for
laravel/laravel
(Composer)
Jun 8, 2022
•
withdrawn
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical
Unreviewed
CVE-2022-44559
was published
Nov 10, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
High
CVE-2022-25863
was published
for
gatsby-plugin-mdx
(npm)
Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C...
Critical
Unreviewed
CVE-2022-29875
was published
Jun 2, 2022
The affected products are vulnerable of untrusted data due to deserialization without prior...
Critical
Unreviewed
CVE-2022-1660
was published
Jun 3, 2022
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22097
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25258
was published
May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the...
High
Unreviewed
CVE-2020-4280
was published
May 24, 2022
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of...
High
Unreviewed
CVE-2020-10189
was published
May 24, 2022
Deserialization of Untrusted Data in Hazelcast
High
CVE-2016-10750
was published
for
com.hazelcast:hazelcast
(Maven)
May 24, 2022
Deserialization of Untrusted Data in NancyFX Nancy
Critical
CVE-2017-9785
was published
for
Nancy
(NuGet)
May 17, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39147
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
Insecure Deserialization in Apache Commons Beanutils
High
CVE-2019-10086
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 15, 2020
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability...
High
Unreviewed
CVE-2022-36964
was published
Nov 29, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility...
Critical
Unreviewed
CVE-2020-28032
was published
May 24, 2022
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web...
High
Unreviewed
CVE-2019-5069
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API