GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
319 advisories
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.
Critical | Unreviewed | CVE-2023-26234 was published Feb 21, 2023
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to...
Critical | Unreviewed | CVE-2023-0232 was published Feb 21, 2023
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code...
Critical | Unreviewed | CVE-2023-25135 was published Feb 3, 2023
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be...
Critical | Unreviewed | CVE-2022-32521 was published Jan 31, 2023
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2019-4279 was published May 24, 2022
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote...
Critical | Unreviewed | CVE-2021-45899 was published Jan 29, 2022
CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
Critical | Unreviewed | CVE-2017-14035 was published May 17, 2022
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load,...
Critical | Unreviewed | CVE-2017-2292 was published May 17, 2022
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows...
Critical | Unreviewed | CVE-2021-44029 was published Dec 23, 2021
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could...
Critical | Unreviewed | CVE-2021-36336 was published Dec 22, 2021
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A,...
Critical | Unreviewed | CVE-2017-10932 was published May 17, 2022
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference...
Critical | Unreviewed | CVE-2017-12796 was published May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code...
Critical | Unreviewed | CVE-2022-30779 was published May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code...
Critical | Unreviewed | CVE-2022-30778 was published May 17, 2022
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads...
Critical | Unreviewed | CVE-2017-17672 was published May 14, 2022
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain...
Critical | Unreviewed | CVE-2016-7124 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC...
Critical | Unreviewed | CVE-2017-12558 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java...
Critical | Unreviewed | CVE-2016-8511 was published May 14, 2022
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center ...
Critical | Unreviewed | CVE-2017-5790 was published May 14, 2022
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3)...
Critical | Unreviewed | CVE-2017-4947 was published May 14, 2022
A remote code execution vulnerability in HPE Operations Orchestration Community edition and...
Critical | Unreviewed | CVE-2016-8519 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3...
Critical | Unreviewed | CVE-2017-5792 was published May 14, 2022
In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was...
Critical | Unreviewed | CVE-2017-12149 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC...
Critical | Unreviewed | CVE-2017-12556 was published May 14, 2022
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by...
Critical | Unreviewed | CVE-2015-2020 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.