Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Loading
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments Moderate
CVE-2026-48517 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
AArnott Credited to AArnott
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 Credited to h0ng10 and mwulftange mwulftange mwulftange
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional Critical
GHSA-74r6-grj9-8rq6 was published for AjaxNetProfessional (NuGet) Dec 16, 2021 withdrawn
chudyPB Credited to chudyPB
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer) High
CVE-2025-66631 was published for Csla (NuGet) Dec 8, 2025
rockfordlhotka Credited to rockfordlhotka and Outurnate Outurnate Outurnate
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability Critical
CVE-2025-54539 was published for Apache.NMS.AMQP (NuGet) Oct 16, 2025
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability High
CVE-2024-43383 was published for Lucene.Net.Replicator (NuGet) Oct 31, 2024
.NET Denial of Service Vulnerability High
CVE-2023-21538 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 10, 2023
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 Credited to jsk95 and ashmind ashmind ashmind
QuantConnect Lean vulnerable to insecure deserialization Critical
CVE-2020-20136 was published for QuantConnect.Common (NuGet) May 24, 2022
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. Critical
CVE-2022-39256 was published for CompositeC1.Core (NuGet) Sep 30, 2022
tdunlap607 Credited to tdunlap607
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data High
CVE-2022-48282 was published for MongoDB.Driver (NuGet) Feb 21, 2023
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Insecure deserialization in Wire Critical
CVE-2021-29508 was published for Wire (NuGet) May 19, 2021
Deserialization of Untrusted Data in SinGooCMS.Utility Critical
CVE-2022-0749 was published for SinGooCMS.Utility (NuGet) Mar 18, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API