Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.... Critical Unreviewed
CVE-2022-4890 was published Jan 16, 2023
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting... Critical Unreviewed
CVE-2021-27460 was published Mar 24, 2022
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27470 was published Mar 24, 2022
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27462 was published Mar 24, 2022
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell... Critical Unreviewed
CVE-2021-27466 was published Mar 24, 2022
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this... Critical Unreviewed
CVE-2020-19229 was published Apr 6, 2022
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an... Critical Unreviewed
CVE-2021-33207 was published Apr 6, 2022
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... Critical Unreviewed
CVE-2022-23450 was published Apr 13, 2022
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later... Critical Unreviewed
CVE-2022-26133 was published Apr 21, 2022
pearweb < 1.32 suffers from Deserialization of Untrusted Data. Critical Unreviewed
CVE-2022-27158 was published Apr 16, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed
CVE-2021-32935 was published May 24, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility... Critical Unreviewed
CVE-2020-28032 was published May 24, 2022
The affected products are vulnerable of untrusted data due to deserialization without prior... Critical Unreviewed
CVE-2022-1660 was published Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C... Critical Unreviewed
CVE-2022-29875 was published Jun 2, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed
CVE-2022-44559 was published Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed
CVE-2022-44558 was published Nov 10, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization... Critical Unreviewed
CVE-2017-4914 was published May 17, 2022
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize... Critical Unreviewed
CVE-2016-0360 was published May 17, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). Critical Unreviewed
CVE-2018-18447 was published Oct 13, 2022
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi... Critical Unreviewed
CVE-2017-9830 was published May 17, 2022
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2017-9424 was published May 17, 2022
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because... Critical Unreviewed
CVE-2022-35857 was published Jul 14, 2022
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux... Critical Unreviewed
CVE-2016-7050 was published May 17, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). Critical Unreviewed
CVE-2018-18446 was published Oct 13, 2022
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary... Critical Unreviewed
CVE-2016-3690 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API