Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed... Critical Unreviewed
CVE-2018-20718 was published May 13, 2022
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call... Critical Unreviewed
CVE-2018-10085 was published May 13, 2022
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in... Critical Unreviewed
CVE-2018-1000641 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15959 was published May 13, 2022
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form... Critical Unreviewed
CVE-2018-1000059 was published May 13, 2022
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request... Critical Unreviewed
CVE-2018-1000525 was published May 13, 2022
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed
CVE-2017-11284 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15965 was published May 13, 2022
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10... Critical Unreviewed
CVE-2017-3066 was published May 13, 2022
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed
CVE-2017-11283 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15957 was published May 13, 2022
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have... Critical Unreviewed
CVE-2018-4939 was published May 13, 2022
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote... Critical Unreviewed
CVE-2016-1114 was published May 13, 2022
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to... Critical Unreviewed
CVE-2018-0147 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15958 was published May 13, 2022
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5... Critical Unreviewed
CVE-2018-15691 was published May 13, 2022
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote... Critical Unreviewed
CVE-2014-9515 was published May 13, 2022
An exploitable code execution vulnerability exists in the Levin deserialization functionality of... Critical Unreviewed
CVE-2018-3972 was published May 13, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed
CVE-2022-29363 was published May 13, 2022
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a... Critical Unreviewed
CVE-2020-23620 was published May 4, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed
CVE-2020-23621 was published May 4, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of... Critical Unreviewed
CVE-2022-44542 was published Nov 1, 2022
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Critical Unreviewed
CVE-2022-40889 was published Oct 18, 2022
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe... Critical Unreviewed
CVE-2020-26867 was published May 24, 2022
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some... Critical Unreviewed
CVE-2022-2870 was published Aug 18, 2022
ProTip! Advisories are also available from the GraphQL API