Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,238
Maven
5,000+
npm
3,900
NuGet
701
pip
3,666
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,646 advisories

Loading
Deserialization of Untrusted Data in JYaml Critical
CVE-2020-8441 was published for org.jyaml:jyaml (Maven) May 24, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed
CVE-2021-32935 was published May 24, 2022
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39145 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Li4n0
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39146 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Deserialization of Untrusted Data in Jenkins High
CVE-2017-2608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Jython Critical
CVE-2016-4000 was published for org.python:jython (Maven) May 13, 2022
Deserialization of Untrusted Data in Jenkins Critical
CVE-2017-1000353 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
pearweb < 1.32 suffers from Deserialization of Untrusted Data. Critical Unreviewed
CVE-2022-27158 was published Apr 16, 2022
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later... Critical Unreviewed
CVE-2022-26133 was published Apr 21, 2022
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360... High Unreviewed
CVE-2021-21956 was published Apr 15, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker... High Unreviewed
CVE-2019-6834 was published Apr 14, 2022
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... Critical Unreviewed
CVE-2022-23450 was published Apr 13, 2022
Remote Code Execution in Laravel Critical
CVE-2021-43503 was published for laravel/laravel (Composer) Apr 9, 2022 withdrawn
mir-hossein
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an... High Unreviewed
CVE-2022-20763 was published Apr 7, 2022
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an... Critical Unreviewed
CVE-2021-33207 was published Apr 6, 2022
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this... Critical Unreviewed
CVE-2020-19229 was published Apr 6, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater... High Unreviewed
CVE-2022-1032 was published Mar 30, 2022
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell... Critical Unreviewed
CVE-2021-27466 was published Mar 24, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects... High Unreviewed
CVE-2021-27475 was published Mar 24, 2022
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27462 was published Mar 24, 2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting... Critical Unreviewed
CVE-2021-27460 was published Mar 24, 2022
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27470 was published Mar 24, 2022
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x... High Unreviewed
CVE-2022-26503 was published Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database