Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. Critical Unreviewed
CVE-2023-26234 was published Feb 21, 2023
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to... Critical Unreviewed
CVE-2023-0232 was published Feb 21, 2023
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-25135 was published Feb 3, 2023
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be... Critical Unreviewed
CVE-2022-32521 was published Jan 31, 2023
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2019-4279 was published May 24, 2022
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote... Critical Unreviewed
CVE-2021-45899 was published Jan 29, 2022
CrushFTP 8.x before 8.2.0 has a serialization vulnerability. Critical Unreviewed
CVE-2017-14035 was published May 17, 2022
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load,... Critical Unreviewed
CVE-2017-2292 was published May 17, 2022
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows... Critical Unreviewed
CVE-2021-44029 was published Dec 23, 2021
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could... Critical Unreviewed
CVE-2021-36336 was published Dec 22, 2021
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A,... Critical Unreviewed
CVE-2017-10932 was published May 17, 2022
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference... Critical Unreviewed
CVE-2017-12796 was published May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code... Critical Unreviewed
CVE-2022-30779 was published May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code... Critical Unreviewed
CVE-2022-30778 was published May 17, 2022
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads... Critical Unreviewed
CVE-2017-17672 was published May 14, 2022
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain... Critical Unreviewed
CVE-2016-7124 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12558 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java... Critical Unreviewed
CVE-2016-8511 was published May 14, 2022
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center ... Critical Unreviewed
CVE-2017-5790 was published May 14, 2022
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3)... Critical Unreviewed
CVE-2017-4947 was published May 14, 2022
A remote code execution vulnerability in HPE Operations Orchestration Community edition and... Critical Unreviewed
CVE-2016-8519 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3... Critical Unreviewed
CVE-2017-5792 was published May 14, 2022
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was... Critical Unreviewed
CVE-2017-12149 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12556 was published May 14, 2022
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by... Critical Unreviewed
CVE-2015-2020 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API