Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,880
Maven
5,000+
npm
3,602
NuGet
638
pip
3,204
Pub
10
RubyGems
852
Rust
815
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,313 advisories

Loading
In the keystore library, there is a possible prevention of access to system Settings due to... Moderate Unreviewed
CVE-2022-20195 was published Jun 16, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) Low
CVE-2022-39379 was published for fluentd (RubyGems) Nov 2, 2022
p-
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization... Critical Unreviewed
CVE-2017-4914 was published May 17, 2022
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution Moderate
CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) Jan 6, 2023
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed
CVE-2022-44558 was published Nov 10, 2022
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed
CVE-2022-44559 was published Nov 10, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx High
CVE-2022-25863 was published for gatsby-plugin-mdx (npm) Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C... Critical Unreviewed
CVE-2022-29875 was published Jun 2, 2022
The affected products are vulnerable of untrusted data due to deserialization without prior... Critical Unreviewed
CVE-2022-1660 was published Jun 3, 2022
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22097 was published for org.springframework.amqp:spring-amqp (Maven) May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses... High Unreviewed
CVE-2020-25258 was published May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the... High Unreviewed
CVE-2020-4280 was published May 24, 2022
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of... High Unreviewed
CVE-2020-10189 was published May 24, 2022
Deserialization of Untrusted Data in Hazelcast High
CVE-2016-10750 was published for com.hazelcast:hazelcast (Maven) May 24, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39147 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39148 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
wh1t3p1g
ThinkPHP deserialization vulnerability Critical
CVE-2022-38352 was published for topthink/framework (Composer) Sep 16, 2022
Insecure Deserialization in Apache Commons Beanutils High
CVE-2019-10086 was published for commons-beanutils:commons-beanutils (Maven) Jun 15, 2020
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-36964 was published Nov 29, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility... Critical Unreviewed
CVE-2020-28032 was published May 24, 2022
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web... High Unreviewed
CVE-2019-5069 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API