Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

553 advisories

Loading
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on... Critical Unreviewed
CVE-2022-29063 was published Sep 3, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2020-27868 was published May 24, 2022
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because... Critical Unreviewed
CVE-2021-27213 was published May 24, 2022
The specific function of HR Portal of Soar Cloud System accepts any type of object to be... Critical Unreviewed
CVE-2021-22855 was published May 24, 2022
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code... Critical Unreviewed
CVE-2021-27335 was published May 24, 2022
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute... Critical Unreviewed
CVE-2020-29047 was published May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... Critical Unreviewed
CVE-2020-10658 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can... Critical Unreviewed
CVE-2021-29200 was published May 24, 2022
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA... Critical Unreviewed
CVE-2021-3160 was published May 24, 2022
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. Critical Unreviewed
CVE-2021-32075 was published May 24, 2022
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted... Critical Unreviewed
CVE-2021-21524 was published May 24, 2022
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message... Critical Unreviewed
CVE-2021-25274 was published May 24, 2022
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to... Critical Unreviewed
CVE-2020-9493 was published May 24, 2022
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Critical Unreviewed
CVE-2021-32098 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2021-31474 was published May 24, 2022
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute... Critical Unreviewed
CVE-2020-29045 was published May 24, 2022
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it... Critical Unreviewed
CVE-2021-33806 was published May 24, 2022
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a... Critical Unreviewed
CVE-2021-3287 was published May 24, 2022
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507... Critical Unreviewed
CVE-2021-35971 was published May 24, 2022
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for... Critical Unreviewed
CVE-2021-24384 was published May 24, 2022
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in... Critical Unreviewed
CVE-2021-35464 was published May 24, 2022
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary... Critical Unreviewed
CVE-2021-38241 was published Dec 17, 2022
IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the... Critical Unreviewed
CVE-2021-29781 was published May 24, 2022
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7... Critical Unreviewed
CVE-2020-5341 was published May 24, 2022
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure... Critical Unreviewed
CVE-2021-36483 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API