GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
232 advisories
Filter by severity
Unsafe Deserialization in jackson-databind
High
CVE-2020-36181
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36185
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36179
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36182
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-24750
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadget exploit in jackson-databind
High
CVE-2020-35728
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35490
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Code Injection in jackson-databind
High
CVE-2020-24616
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36186
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 19, 2021
Nameko Arbitrary code execution due to YAML deserialization
High
CVE-2021-41078
was published
for
nameko
(pip)
Oct 19, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter
High
CVE-2021-23441
was published
for
com.jsoniter:jsoniter
(Maven)
Sep 20, 2021
•
withdrawn
Deserialization of Untrusted Data in parlai
High
CVE-2021-39207
was published
for
parlai
(pip)
Sep 13, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39139
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39145
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39146
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39147
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API