GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
319 advisories
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function...
Critical, Unreviewed. CVE-2016-6620 was published May 14, 2022

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via...
Critical, Unreviewed. CVE-2014-8731 was published May 14, 2022

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in...
Critical, Unreviewed. CVE-2017-10934 was published May 14, 2022

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote...
Critical, Unreviewed. CVE-2016-0779 was published May 14, 2022

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly...
Critical, Unreviewed. CVE-2017-9844 was published May 14, 2022

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code...
Critical, Unreviewed. CVE-2018-20732 was published May 14, 2022

MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that...
Critical, Unreviewed. CVE-2018-1000824 was published May 14, 2022

Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter...
Critical, Unreviewed. CVE-2018-1000827 was published May 14, 2022

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows...
Critical, Unreviewed. CVE-2018-9843 was published May 14, 2022

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection...
Critical, Unreviewed. CVE-2018-20148 was published May 14, 2022

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute...
Critical, Unreviewed. CVE-2019-6503 was published May 14, 2022

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter...
Critical, Unreviewed. CVE-2018-1000833 was published May 14, 2022

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC...
Critical, Unreviewed. CVE-2017-12557 was published May 14, 2022

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that...
Critical, Unreviewed. CVE-2017-18365 was published May 14, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical, Unreviewed. CVE-2018-2628 was published May 14, 2022

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote...
Critical, Unreviewed. CVE-2016-6793 was published May 14, 2022

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin...
Critical, Unreviewed. CVE-2022-44351 was published Dec 7, 2022

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
Critical, Unreviewed. CVE-2022-44371 was published Dec 7, 2022

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to...
Critical, Unreviewed. CVE-2016-3957 was published May 14, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical, Unreviewed. CVE-2018-3245 was published May 13, 2022

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services...
Critical, Unreviewed. CVE-2022-31680 was published Oct 8, 2022

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter...
Critical, Unreviewed. CVE-2018-1000832 was published May 13, 2022

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized...
Critical, Unreviewed. CVE-2017-5830 was published May 13, 2022

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical, Unreviewed. CVE-2022-43019 was published Oct 19, 2022

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe...
Critical, Unreviewed. CVE-2016-9498 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.