GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
118 advisories
Filter by severity
Remote Command Execution in SOFARPC
Critical
CVE-2024-23636
was published
for
com.alipay.sofa:rpc-sofa-boot-starter
(Maven)
Jan 23, 2024
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Critical
CVE-2017-20189
was published
for
org.clojure:clojure
(Maven)
Jan 22, 2024
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Critical
CVE-2023-46279
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
Solon is vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-48967
was published
for
org.noear:solon
(Maven)
Dec 4, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Critical
CVE-2023-48887
was published
for
org.jupiter-rpc:jupiter-rpc
(Maven)
Dec 2, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution
Critical
CVE-2023-46604
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 27, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
xxl-rpc deserialization vulnerability
Critical
CVE-2023-33496
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Jun 7, 2023
glazedlists XML Deserialization vulnerability
Critical
CVE-2023-31890
was published
for
com.glazedlists:glazedlists
(Maven)
May 16, 2023
Apache Linkis DatasourceManager module has deserialization vulnerability
Critical
CVE-2023-29216
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Apr 10, 2023
Apache Linkis JDBC EngineConn has deserialization vulnerability
Critical
CVE-2023-29215
was published
for
org.apache.linkis:linkis-engineconn
(Maven)
Apr 10, 2023
Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-23638
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 8, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24997
was published
for
org.apache.inlong:inlong
(Maven)
Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24162
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
Apache Tapestry allows deserialization of untrusted data
Critical
CVE-2022-46366
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Dec 2, 2022
Unsafe deserialization in Apache MINA SSHD
Critical
CVE-2022-45047
was published
for
org.apache.sshd:sshd-common
(Maven)
Nov 16, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
Hessian Lite for Apache Dubbo deserialization vulnerability
Critical
CVE-2022-39198
was published
for
com.alibaba:hessian-lite
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API