GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
631 advisories
Filter by severity
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High
Unreviewed
CVE-2020-25260
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25259
was published
May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39153
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Apache Geode versions deserialization of untrusted datawhen using JMX over RMI on Java 11
High
CVE-2022-37022
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39146
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39145
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Jenkins
High
CVE-2017-2608
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
High
CVE-2021-4118
was published
for
pytorch-lightning
(pip)
Jan 6, 2022
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360...
High
Unreviewed
CVE-2021-21956
was published
Apr 15, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker...
High
Unreviewed
CVE-2019-6834
was published
Apr 14, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an...
High
Unreviewed
CVE-2022-20763
was published
Apr 7, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater...
High
Unreviewed
CVE-2022-1032
was published
Mar 30, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects...
High
Unreviewed
CVE-2021-27475
was published
Mar 24, 2022
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x...
High
Unreviewed
CVE-2022-26503
was published
Mar 18, 2022
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users...
High
Unreviewed
CVE-2022-23940
was published
Mar 11, 2022
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object...
High
Unreviewed
CVE-2023-22850
was published
Jan 14, 2023
The Anti-Malware Security and Brute-Force Firewall WordPress plugin through 4.21.85 is prone to a...
High
Unreviewed
CVE-2022-4327
was published
Jan 16, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied...
High
Unreviewed
CVE-2022-41778
was published
Jan 13, 2023
Arbitrary Code Execution in Cookie Serialization
High
CVE-2017-1000053
was published
for
plug
(Erlang)
Apr 12, 2022
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
High
GHSA-3w6p-8f82-gw8r
was published
for
ru.yandex.clickhouse:clickhouse-jdbc-bridge
(Maven)
Dec 17, 2021
ProTip!
Advisories are also available from the
GraphQL API