Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

596 advisories

Loading
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ... High Unreviewed
CVE-2022-1463 was published May 11, 2022
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A... High Unreviewed
CVE-2016-9045 was published May 13, 2022
Deserialization of Untrusted Data in Spring Security High
CVE-2017-4995 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
sunSUNQ
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state... High Unreviewed
CVE-2018-15686 was published May 13, 2022
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent... High Unreviewed
CVE-2016-4483 was published May 13, 2022
Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain High
CVE-2016-4978 was published for org.apache.activemq:artemis-pom (Maven) May 13, 2022
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows... High Unreviewed
CVE-2018-16364 was published May 13, 2022
** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2... High Unreviewed
CVE-2017-8804 was published May 13, 2022
Froxlor PHP Object Injection vulnerability High
CVE-2018-1000527 was published for froxlor/froxlor (Composer) May 13, 2022
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize... High Unreviewed
CVE-2018-15576 was published May 13, 2022
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus'... High Unreviewed
CVE-2018-18589 was published May 13, 2022
Drupal Core Remote Code Execution Vulnerability High
CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action... High Unreviewed
CVE-2019-9061 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to... High Unreviewed
CVE-2019-9057 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files... High Unreviewed
CVE-2019-9055 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class... High Unreviewed
CVE-2019-9056 was published May 13, 2022
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize... High Unreviewed
CVE-2010-3258 was published May 13, 2022
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting... High Unreviewed
CVE-2017-1000195 was published May 13, 2022
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS... High Unreviewed
CVE-2010-4574 was published May 13, 2022
Apache Tapestry Unsafe Object Storage High
CVE-2014-1972 was published for org.apache.tapestry:tapestry-core (Maven) May 13, 2022
Pimcore Unserialize Remote Code Execution High
CVE-2019-10867 was published for pimcore/pimcore (Composer) May 13, 2022
GraniteDS Insecure Deserialization High
CVE-2017-3199 was published for org.graniteds:granite-core (Maven) May 13, 2022
GraniteDS Insecure Deserialization High
CVE-2017-3200 was published for org.graniteds:granite-server-core (Maven) May 13, 2022
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0... High Unreviewed
CVE-2017-14141 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API