GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
180 advisories
Filter by severity
OpenAM has Unsafe Java Deserialization via SNS
High
CVE-2026-45794
was published
for
org.openidentityplatform.openam:openam-push-notification
(Maven)
Jun 25, 2026
jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation
High
CVE-2026-54512
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 23, 2026
Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types
High
CVE-2026-44795
was published
for
io.spinnaker.orca:orca-core
(Maven)
Jun 22, 2026
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
High
CVE-2025-27511
was published
for
org.geoserver.extension:gs-db2
(Maven)
Jun 11, 2026
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
High
CVE-2026-41731
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Jun 10, 2026
Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data
High
CVE-2026-40858
was published
for
org.apache.camel:camel-infinispan
(Maven)
Apr 27, 2026
Camel-MINA Vulnerable to Deserialization of Untrusted Data
High
CVE-2026-40473
was published
for
org.apache.camel:camel-mina
(Maven)
Apr 27, 2026
Camel-PQC Vulnerable to Deserialization of Untrusted Data
High
CVE-2026-40048
was published
for
org.apache.camel:camel-pqc
(Maven)
Apr 27, 2026
camel-infinispan Vulnerable to Deserialization of Untrusted Data
High
CVE-2026-6857
was published
for
org.apache.camel:camel-infinispan
(Maven)
Apr 22, 2026
Apache Storm: Deserialization of Untrusted Data vulnerability
High
CVE-2026-35337
was published
for
org.apache.storm:storm-client
(Maven)
Apr 13, 2026
Apache Spark: Spark History Server Code Execution Vulnerability
High
CVE-2025-54920
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 16, 2026
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
High
CVE-2026-27830
was published
for
com.mchange:c3p0
(Maven)
Feb 25, 2026
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
High
CVE-2026-27727
was published
for
com.mchange:mchange-commons-java
(Maven)
Feb 25, 2026
Apache Camel Deserializes Untrusted Data in its LevelDB Component
High
CVE-2026-25747
was published
for
org.apache.camel:camel-leveldb
(Maven)
Feb 23, 2026
Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization
High
CVE-2025-66524
was published
for
org.apache.nifi:nifi-asana-processors
(Maven)
Dec 19, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability
High
CVE-2025-26866
was published
for
org.apache.hugegraph:hg-pd-core
(Maven)
Dec 12, 2025
JasperReports has a Java deserialisation vulnerability
High
CVE-2025-10492
was published
for
net.sf.jasperreports:jasperreports
(Maven)
Sep 16, 2025
Apache Seata: Deserialization of untrusted Data in Apache Seata Server
High
CVE-2025-53606
was published
for
org.apache.seata:seata-serializer-fury
(Maven)
Aug 8, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data
High
CVE-2025-47771
was published
for
com.powsybl:powsybl-math
(Maven)
Jun 19, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability
High
CVE-2025-27819
was published
for
org.apache.kafka:kafka_2.10
(Maven)
Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability
High
CVE-2025-27818
was published
for
org.apache.kafka:kafka_2.11
(Maven)
Jun 10, 2025
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2025-27531
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jun 6, 2025
Apache InLong: JDBC Vulnerability during verification processing
High
CVE-2025-27522
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 28, 2025
jooby-pac4j: deserialization of untrusted data
High
CVE-2025-31129
was published
for
io.jooby:jooby-pac4j
(Maven)
Apr 1, 2025
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
ProTip!
Advisories are also available from the
GraphQL API