GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal.kernel
(Maven)
May 24, 2022
Remote Code Execution vulnerability in Jenkins Literate Plugin
High
CVE-2020-2158
was published
for
org.jenkins-ci.plugins:literate
(Maven)
May 24, 2022
Deserialization of Untrusted Data in JYaml
Critical
CVE-2020-8441
was published
for
org.jyaml:jyaml
(Maven)
May 24, 2022
RCE vulnerability in RadarGun Plugin
High
CVE-2020-2123
was published
for
org.jenkins-ci.plugins:radargun
(Maven)
May 24, 2022
RCE vulnerability in Google Kubernetes Engine Plugin
High
CVE-2020-2121
was published
for
org.jenkins-ci.plugins:google-kubernetes-engine
(Maven)
May 24, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods
Critical
CVE-2016-1000027
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Mulesoft Mule Unsafe Deserialization
Critical
CVE-2019-13116
was published
for
org.mule.runtime:mule
(Maven)
May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Critical
CVE-2019-10202
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Hazelcast
High
CVE-2016-10750
was published
for
com.hazelcast:hazelcast
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Apache Tomcat
High
CVE-2013-2185
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Restlet Arbitrary Java Code Execution via a serialized object
High
CVE-2013-4271
was published
for
org.restlet.jse:org.restlet
(Maven)
May 17, 2022
Deserialization of Untrusted Data in Apache Brooklyn
High
CVE-2016-8744
was published
for
org.apache.brooklyn:brooklyn
(Maven)
May 17, 2022
Apache James Privilege Escalation
High
CVE-2017-12628
was published
for
org.apache.james:james-project
(Maven)
May 17, 2022
Deserialization of Untrusted Data in Spring AMQP
Critical
CVE-2017-8045
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 17, 2022
Deserialization of Untrusted Data in Jenkins
Moderate
CVE-2017-1000355
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin
High
CVE-2018-1000058
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
May 14, 2022
Apache Geode unsafe deserialization of application objects
High
CVE-2017-15693
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Apache Geode unsafe deserialization in TcpServer
Critical
CVE-2017-15692
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Apache OpenJPA
High
CVE-2013-1768
was published
for
org.apache.openjpa:openjpa
(Maven)
May 14, 2022
Apache NiFi JMS Deserialization issue
High
CVE-2018-1310
was published
for
org.apache.nifi:nifi
(Maven)
May 14, 2022
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
Moderate
CVE-2011-2894
was published
for
org.springframework.security:spring-security-core
(Maven)
May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data
Critical
CVE-2016-5003
was published
for
org.apache.xmlrpc:xmlrpc
(Maven)
May 14, 2022
Apache OpenMeetings RCE
Critical
CVE-2016-8736
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Jenkins
Moderate
CVE-2018-1999042
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
RubyGems Deserialization of Untrusted Data vulnerability
High
CVE-2018-1000074
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API