GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
Critical
CVE-2026-45051
was published
for
org.openidentityplatform.openam:openam-auth-webauthn
(Maven)
Jun 24, 2026
OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
Critical
CVE-2026-46495
was published
for
org.openidentityplatform.opendj:opendj-server-legacy
(Maven)
Jun 22, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)
Critical
CVE-2026-42779
was published
for
org.apache.mina:mina-core
(Maven)
May 1, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)
Critical
CVE-2026-42778
was published
for
org.apache.mina:mina-core
(Maven)
May 1, 2026
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE
Critical
CVE-2026-41586
was published
for
org.hyperledger.fabric-sdk-java:fabric-sdk-java
(Maven)
Apr 29, 2026
Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix)
Critical
CVE-2026-41409
was published
for
org.apache.mina:mina-core
(Maven)
Apr 27, 2026
Apache Camel's Camel-Mail component is vulnerable to Camel message header injection
Critical
CVE-2026-33454
was published
for
org.apache.camel:camel-mail
(Maven)
Apr 27, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data
Critical
CVE-2026-41635
was published
for
org.apache.mina:mina-core
(Maven)
Apr 27, 2026
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
Critical
CVE-2026-33439
was published
for
org.openidentityplatform.openam:openam
(Maven)
Apr 7, 2026
splunk-otel-javaagent: Unsafe deserialization in RMI instrumentation may lead to Remote Code Execution
Critical
GHSA-h8w2-rv57-vc6f
was published
for
com.splunk:splunk-otel-javaagent
(Maven)
Mar 26, 2026
dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
Critical
CVE-2026-33728
was published
for
com.datadoghq:dd-java-agent
(Maven)
Mar 26, 2026
OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
Critical
CVE-2026-33701
was published
for
io.opentelemetry.javaagent:opentelemetry-javaagent
(Maven)
Mar 25, 2026
Apache Causeway vulnerable to deserialization in Java
Critical
CVE-2025-64408
was published
for
org.apache.causeway.commons:causeway-commons
(Maven)
Nov 19, 2025
Apache IoTDB: Deserialization of untrusted Data
Critical
CVE-2025-48459
was published
for
apache-iotdb
(Maven)
Sep 24, 2025
H2O affected by a deserialization vulnerability
Critical
CVE-2025-6544
was published
for
ai.h2o:h2o-core
(Maven)
Sep 22, 2025
Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution
Critical
CVE-2025-30065
was published
for
org.apache.parquet:parquet-avro
(Maven)
Apr 1, 2025
H2O Deserialization of Untrusted Data Vulnerability
Critical
CVE-2024-10553
was published
for
ai.h2o:h2o-core
(Maven)
Mar 20, 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Critical
CVE-2025-24813
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 10, 2025
Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
Critical
CVE-2024-56180
was published
for
org.apache.eventmesh:eventmesh-meta-raft
(Maven)
Feb 14, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node
Critical
CVE-2024-52577
was published
for
org.apache.ignite:ignite-core
(Maven)
Feb 14, 2025
Apache OpenMeetings vulnerable to Deserialization of Untrusted Data
Critical
CVE-2024-54676
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Jan 8, 2025
Apache MINA Deserialization RCE Vulnerability
Critical
CVE-2024-52046
was published
for
org.apache.mina:mina-core
(Maven)
Dec 25, 2024
pac4j-core affected by a Java deserialization vulnerability
Critical
CVE-2023-25581
was published
for
org.pac4j:pac4j-core
(Maven)
Oct 11, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro
(Maven)
Oct 3, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
ProTip!
Advisories are also available from the
GraphQL API