GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,255 advisories
Filter by severity
ntlk unsafe deserialization vulnerability
High
CVE-2024-39705
was published
for
nltk
(pip)
Jun 28, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It...
Moderate
Unreviewed
CVE-2024-6525
was published
Jul 5, 2024
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10672
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10673
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies...
Low
Unreviewed
CVE-2024-34274
was published
May 21, 2024
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server...
Critical
Unreviewed
CVE-2024-29212
was published
May 14, 2024
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop...
Critical
Unreviewed
CVE-2024-24302
was published
Mar 3, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote...
Critical
Unreviewed
CVE-2023-43208
was published
Oct 26, 2023
A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this...
Moderate
Unreviewed
CVE-2024-6441
was published
Jul 2, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user...
High
Unreviewed
CVE-2024-36984
was published
Jul 1, 2024
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2021-26857
was published
May 24, 2022
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be...
High
Unreviewed
CVE-2024-5016
was published
Jun 25, 2024
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10969
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14062
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
avro
(Maven)
Sep 29, 2023
ProTip!
Advisories are also available from the
GraphQL API