Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

579 advisories

Loading
Insecure default config of Celery worker in Apache Airflow Critical
CVE-2020-11982 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Improper Input Validation in jackson-databind Critical
CVE-2019-17267 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
Insecure Deserialization in Apache XML-RPC Critical
CVE-2019-17570 was published for org.apache.xmlrpc:xmlrpc (Maven) Jun 10, 2020
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Critical
CVE-2020-8165 was published for activesupport (RubyGems) May 26, 2020
Apache Camel Netty enables Java deserialization by default Critical
CVE-2020-11973 was published for org.apache.camel:camel-netty (Maven) May 21, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9547 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9548 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9546 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2020-8840 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 4, 2020
westonsteimel
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2019-20330 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 4, 2020
westonsteimel sunSUNQ
Deserialization of Untrusted Data in Apache Olingo Critical
CVE-2019-17556 was published for org.apache.olingo:odata-client-proxy (Maven) Feb 4, 2020
Deserialization of Untrusted Data in Log4j Critical
CVE-2019-17571 was published for log4j:log4j (Maven) Jan 6, 2020
scothale SebGondron
Deserialization of Untrusted Data in Log4j Critical
CVE-2017-5645 was published for org.apache.logging.log4j:log4j (Maven) Jan 6, 2020
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts Critical
CVE-2019-17206 was published for rediswrapper (pip) Nov 20, 2019
jackson-databind polymorphic typing issue Critical
CVE-2019-17531 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 13, 2019
jackson-databind polymorphic typing issue Critical
CVE-2019-16943 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 13, 2019
Polymorphic Typing in FasterXML jackson-databind Critical
CVE-2019-16942 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 28, 2019
sunSUNQ
Polymorphic Typing issue in FasterXML jackson-databind Critical
CVE-2019-16335 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Sep 23, 2019
Polymorphic Typing issue in FasterXML jackson-databind Critical
CVE-2019-14540 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Sep 23, 2019
sunSUNQ
Deserialization of Untrusted Data in Apache Storm Critical
CVE-2018-11779 was published for org.apache.storm:storm-kafka (Maven) Aug 1, 2019
Deserialization of Untrusted Data in EthereumJ Critical
CVE-2018-15890 was published for org.ethereum:ethereumj-core (Maven) Jul 26, 2019
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-11307 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 16, 2019
sunSUNQ
Slanger Arbitrary command execution Critical
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019
ipycache is vulnerable to Code Injection Critical
CVE-2019-7539 was published for ipycache (pip) Mar 25, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database