Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44681 was published Dec 7, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44682 was published Dec 7, 2021
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44679 was published Dec 7, 2021
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44680 was published Dec 7, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44678 was published Dec 7, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44677 was published Dec 7, 2021
Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery... Critical Unreviewed
CVE-2021-37298 was published Dec 7, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using... Critical Unreviewed
CVE-2021-42127 was published Dec 8, 2021
The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize... Critical Unreviewed
CVE-2021-24857 was published Dec 14, 2021
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could... Critical Unreviewed
CVE-2021-36336 was published Dec 22, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows... Critical Unreviewed
CVE-2021-44029 was published Dec 23, 2021
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote... Critical Unreviewed
CVE-2021-45899 was published Jan 29, 2022
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27462 was published Mar 24, 2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting... Critical Unreviewed
CVE-2021-27460 was published Mar 24, 2022
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27470 was published Mar 24, 2022
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell... Critical Unreviewed
CVE-2021-27466 was published Mar 24, 2022
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this... Critical Unreviewed
CVE-2020-19229 was published Apr 6, 2022
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an... Critical Unreviewed
CVE-2021-33207 was published Apr 6, 2022
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... Critical Unreviewed
CVE-2022-23450 was published Apr 13, 2022
pearweb < 1.32 suffers from Deserialization of Untrusted Data. Critical Unreviewed
CVE-2022-27158 was published Apr 16, 2022
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later... Critical Unreviewed
CVE-2022-26133 was published Apr 21, 2022
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. Critical Unreviewed
CVE-2022-29528 was published Apr 22, 2022
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a... Critical Unreviewed
CVE-2020-23620 was published May 4, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed
CVE-2020-23621 was published May 4, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed
CVE-2022-29363 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API