GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
367 advisories
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in...
Critical | Unreviewed | CVE-2018-1000641 was published May 13, 2022

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request...
Critical | Unreviewed | CVE-2018-1000525 was published May 13, 2022

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form...
Critical | Unreviewed | CVE-2018-1000059 was published May 13, 2022

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote...
Critical | Unreviewed | CVE-2016-1114 was published May 13, 2022

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10...
Critical | Unreviewed | CVE-2017-3066 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15957 was published May 13, 2022

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have...
Critical | Unreviewed | CVE-2018-4939 was published May 13, 2022

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and...
Critical | Unreviewed | CVE-2017-11284 was published May 13, 2022

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and...
Critical | Unreviewed | CVE-2017-11283 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15965 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15959 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15958 was published May 13, 2022

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to...
Critical | Unreviewed | CVE-2018-0147 was published May 13, 2022

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5...
Critical | Unreviewed | CVE-2018-15691 was published May 13, 2022

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote...
Critical | Unreviewed | CVE-2014-9515 was published May 13, 2022

An exploitable code execution vulnerability exists in the Levin deserialization functionality of...
Critical | Unreviewed | CVE-2018-3972 was published May 13, 2022

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function...
Critical | Unreviewed | CVE-2022-29363 was published May 13, 2022

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a...
Critical | Unreviewed | CVE-2020-23620 was published May 4, 2022

The Java Remote Management Interface of all versions of SVI MS Management System was discovered...
Critical | Unreviewed | CVE-2020-23621 was published May 4, 2022

An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
Critical | Unreviewed | CVE-2022-29528 was published Apr 22, 2022

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later...
Critical | Unreviewed | CVE-2022-26133 was published Apr 21, 2022

Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)...
Critical | Unreviewed | CVE-2022-21445 was published Apr 20, 2022

pearweb < 1.32 suffers from Deserialization of Untrusted Data.
Critical | Unreviewed | CVE-2022-27158 was published Apr 16, 2022

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1...
Critical | Unreviewed | CVE-2022-23450 was published Apr 13, 2022

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an...
Critical | Unreviewed | CVE-2021-33207 was published Apr 6, 2022

ProTip! Advisories are also available from the GraphQL API.