GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,042 advisories
Improper Access Control in activejob [High]
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a... [High] [Unreviewed]
CVE-2023-40595 was published Aug 30, 2023

Apache InLong Deserialization of Untrusted Data Vulnerability [High]
CVE-2023-31058 was published for org.apache.inlong:manager-common (Maven) Jul 6, 2023

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22... [High] [Unreviewed]
CVE-2023-1714 was published Nov 1, 2023

Apache InLong Deserialization of Untrusted Data Vulnerability [High]
CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven) Oct 19, 2023

Nacos Spring vulnerable to Unsafe Deserialization [High]
CVE-2023-39106 was published for com.alibaba.nacos:nacos-spring-context (Maven) Aug 21, 2023

Esoteric YamlBeans Unsafe Deserialization vulnerability [High]
CVE-2023-24621 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023

Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability [High]
CVE-2023-28754 was published for org.apache.shardingsphere:shardingsphere (Maven) Jul 19, 2023

Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain [High]
CVE-2016-4978 was published for org.apache.activemq:artemis-pom (Maven) May 13, 2022

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to... [High] [Unreviewed]
CVE-2022-2444 was published Jul 19, 2022

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via... [High] [Unreviewed]
CVE-2022-2436 was published Sep 7, 2022

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via... [High] [Unreviewed]
CVE-2022-2434 was published Sep 7, 2022

RCE vulnerability in Jenkins OpenShift Pipeline Plugin [High]
CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022

Apache James Privilege Escalation [High]
CVE-2017-12628 was published for org.apache.james:james-project (Maven) May 17, 2022

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input... [High] [Unreviewed]
CVE-2022-2438 was published Sep 7, 2022

GraniteDS Insecure Deserialization [High]
CVE-2017-3200 was published for org.graniteds:granite-server-core (Maven) May 13, 2022

GraniteDS Insecure Deserialization [High]
CVE-2017-3199 was published for org.graniteds:granite-core (Maven) May 13, 2022

AjaxNetProfessional deserializes arbitrary JavaScript objects [High]
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022

mPDF Unsafe Deserialization [High]
CVE-2019-1000005 was published for mpdf/mpdf (Composer) May 14, 2022

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator... [High] [Unreviewed]
CVE-2019-12868 was published May 24, 2022

Akka Java Serialization vulnerability [High]
CVE-2017-1000034 was published for com.typesafe.akka:akka-actor (Maven) Oct 22, 2018

Possible Strong Parameters Bypass in ActionPack [High]
CVE-2020-8164 was published for actionpack (RubyGems) May 26, 2020

Insecure Java Deserialization in Apache Karaf [High]
CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Jan 28, 2022

Deserialization of Untrusted Data in librenms/librenms [High]
CVE-2022-3525 was published for librenms/librenms (Composer) Nov 20, 2022