Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp Credited to dpp
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
Apache Camel Deserializes Untrusted Data in its LevelDB Component High
CVE-2026-25747 was published for org.apache.camel:camel-leveldb (Maven) Feb 23, 2026
Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization High
CVE-2025-66524 was published for org.apache.nifi:nifi-asana-processors (Maven) Dec 19, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability High
CVE-2025-26866 was published for org.apache.hugegraph:hg-pd-core (Maven) Dec 12, 2025
JasperReports has a Java deserialisation vulnerability High
CVE-2025-10492 was published for net.sf.jasperreports:jasperreports (Maven) Sep 16, 2025
tremblaysimon Credited to tremblaysimon
Apache Seata: Deserialization of untrusted Data in Apache Seata Server High
CVE-2025-53606 was published for org.apache.seata:seata-serializer-fury (Maven) Aug 8, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data High
CVE-2025-47771 was published for com.powsybl:powsybl-math (Maven) Jun 19, 2025
arthurscchan Credited to arthurscchan, AdamKorcz, olperr1, and rolnico AdamKorcz AdamKorcz
olperr1 olperr1 rolnico rolnico
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka_2.10 (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka_2.11 (Maven) Jun 10, 2025
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2025-27531 was published for org.apache.inlong:inlong-manager (Maven) Jun 6, 2025
Apache InLong: JDBC Vulnerability during verification processing High
CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
jooby-pac4j: deserialization of untrusted data High
CVE-2025-31129 was published for io.jooby:jooby-pac4j (Maven) Apr 1, 2025
cwm1123 Credited to cwm1123
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore High
CVE-2022-41137 was published for org.apache.hive:hive-exec (Maven) Dec 5, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul Credited to DarkaMaul
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 Credited to unam4 and springkill springkill springkill
H2O vulnerable to Deserialization of Untrusted Data High
CVE-2024-6960 was published for ai.h2o:h2o-core (Maven) Jul 21, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability High
CVE-2023-49566 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability High
CVE-2023-46801 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger Credited to puredanger
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability High
CVE-2023-6267 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Jan 25, 2024
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
logback serialization vulnerability High
CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) Nov 29, 2023
jakehall-gocity Credited to jakehall-gocity, bvahdat, mpenttila, liaodaniel, and peppers-joseph bvahdat bvahdat
mpenttila mpenttila liaodaniel liaodaniel peppers-joseph peppers-joseph
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database