Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Unsafe Deserialization in jackson-databind High
CVE-2020-36182 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Serialization gadget exploit in jackson-databind High
CVE-2020-35728 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
mpihelgas
Serialization gadgets exploit in jackson-databind High
CVE-2020-35490 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
sunSUNQ
Code Injection in jackson-databind High
CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36186 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 19, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter High
CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) Sep 20, 2021 withdrawn
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39139 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39141 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39145 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Li4n0
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39146 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39147 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39148 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39153 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ka1n4t
Deserialization of Untrusted Data in Apache Camel RabbitMQ High
CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) May 21, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
"Deserialization errors in MyBatis" High
CVE-2020-26945 was published for org.mybatis:mybatis (Maven) Apr 22, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database