GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
596 advisories
Deserialization of Untrusted Data in Gson
High: CVE-2022-25647 was published for com.google.code.gson:gson (Maven) on May 3, 2022

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ...
High, Unreviewed: CVE-2022-1463 was published on May 11, 2022

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A...
High, Unreviewed: CVE-2016-9045 was published on May 13, 2022

Deserialization of Untrusted Data in Spring Security
High: CVE-2017-4995 was published for org.springframework.security:spring-security-core (Maven) on May 13, 2022

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state...
High, Unreviewed: CVE-2018-15686 was published on May 13, 2022

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent...
High, Unreviewed: CVE-2016-4483 was published on May 13, 2022

Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
High: CVE-2016-4978 was published for org.apache.activemq:artemis-pom (Maven) on May 13, 2022

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows...
High, Unreviewed: CVE-2018-16364 was published on May 13, 2022

** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2...
High, Unreviewed: CVE-2017-8804 was published on May 13, 2022

Froxlor PHP Object Injection vulnerability
High: CVE-2018-1000527 was published for froxlor/froxlor (Composer) on May 13, 2022

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize...
High, Unreviewed: CVE-2018-15576 was published on May 13, 2022

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus'...
High, Unreviewed: CVE-2018-18589 was published on May 13, 2022

Drupal Core Remote Code Execution Vulnerability
High: CVE-2019-6340 was published for drupal/core (Composer) on May 13, 2022

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action...
High, Unreviewed: CVE-2019-9061 was published on May 13, 2022

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to...
High, Unreviewed: CVE-2019-9057 was published on May 13, 2022

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files...
High, Unreviewed: CVE-2019-9055 was published on May 13, 2022

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class...
High, Unreviewed: CVE-2019-9056 was published on May 13, 2022

The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize...
High, Unreviewed: CVE-2010-3258 was published on May 13, 2022

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting...
High, Unreviewed: CVE-2017-1000195 was published on May 13, 2022

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS...
High, Unreviewed: CVE-2010-4574 was published on May 13, 2022

Apache Tapestry Unsafe Object Storage
High: CVE-2014-1972 was published for org.apache.tapestry:tapestry-core (Maven) on May 13, 2022

Pimcore Unserialize Remote Code Execution
High: CVE-2019-10867 was published for pimcore/pimcore (Composer) on May 13, 2022

GraniteDS Insecure Deserialization
High: CVE-2017-3199 was published for org.graniteds:granite-core (Maven) on May 13, 2022

GraniteDS Insecure Deserialization
High: CVE-2017-3200 was published for org.graniteds:granite-server-core (Maven) on May 13, 2022

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0...
High, Unreviewed: CVE-2017-14141 was published on May 13, 2022
ProTip! Advisories are also available from the GraphQL API.