GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
327 advisories
The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize...
Critical | Unreviewed | CVE-2021-24857 was published Dec 14, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44682 was published Dec 7, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using...
Critical | Unreviewed | CVE-2021-42127 was published Dec 8, 2021
Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery...
Critical | Unreviewed | CVE-2021-37298 was published Dec 7, 2021
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44681 was published Dec 7, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44678 was published Dec 7, 2021
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44679 was published Dec 7, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44677 was published Dec 7, 2021
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed...
Critical | Unreviewed | CVE-2018-20718 was published May 13, 2022
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call...
Critical | Unreviewed | CVE-2018-10085 was published May 13, 2022
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in...
Critical | Unreviewed | CVE-2018-1000641 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15959 was published May 13, 2022
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form...
Critical | Unreviewed | CVE-2018-1000059 was published May 13, 2022
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request...
Critical | Unreviewed | CVE-2018-1000525 was published May 13, 2022
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and...
Critical | Unreviewed | CVE-2017-11284 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15965 was published May 13, 2022
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10...
Critical | Unreviewed | CVE-2017-3066 was published May 13, 2022
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and...
Critical | Unreviewed | CVE-2017-11283 was published May 13, 2022
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have...
Critical | Unreviewed | CVE-2018-4939 was published May 13, 2022
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote...
Critical | Unreviewed | CVE-2016-1114 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15957 was published May 13, 2022
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to...
Critical | Unreviewed | CVE-2018-0147 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15958 was published May 13, 2022
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5...
Critical | Unreviewed | CVE-2018-15691 was published May 13, 2022
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote...
Critical | Unreviewed | CVE-2014-9515 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.