GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
Apache Camel camel-hessian component vulnerable to Java object deserialization
Critical
CVE-2017-12633
was published
for
org.apache.camel:camel-hessian
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Infinispan
High
CVE-2017-15089
was published
for
org.infinispan:infinispan-core
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Jenkins
High
CVE-2017-2608
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring-flex
High
CVE-2017-3203
was published
for
org.springframework.flex:spring-flex
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer
Critical
CVE-2017-3202
was published
for
com.exadel.flamingo.flex:amf-serializer
(Maven)
May 13, 2022
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider
High
CVE-2018-1051
was published
for
org.jboss.resteasy:resteasy-yaml-provider
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Infinispan
High
CVE-2018-1131
was published
for
org.infinispan:infinispan-core
(Maven)
May 13, 2022
Jenkins CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2015-8103
was published
for
org.jenkins-ci.main:cli
(Maven)
May 13, 2022
GraniteDS Insecure Deserialization
High
CVE-2017-3200
was published
for
org.graniteds:granite-server-core
(Maven)
May 13, 2022
GraniteDS Insecure Deserialization
High
CVE-2017-3199
was published
for
org.graniteds:granite-core
(Maven)
May 13, 2022
Apache Tapestry Unsafe Object Storage
High
CVE-2014-1972
was published
for
org.apache.tapestry:tapestry-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Apache commons collections
Critical
CVE-2015-7501
was published
for
commons-collections:commons-collections
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jython
Critical
CVE-2016-4000
was published
for
org.python:jython
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Apache MyFaces Trinidad Deserialization Vulnerability
Critical
CVE-2016-5019
was published
for
org.apache.myfaces.trinidad:trinidad
(Maven)
May 13, 2022
Pippo RCE Vulnerability
Critical
CVE-2018-18240
was published
for
ro.pippo:pippo-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Apache Batik
Critical
CVE-2018-8013
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
High
CVE-2016-4978
was published
for
org.apache.activemq:artemis-pom
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring Security
High
CVE-2017-4995
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Apache Flex BlazeDS unsafe deserialization
Critical
CVE-2017-5641
was published
for
org.apache.flex.blazeds:flex-messaging-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2017-1000353
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2018-1000861
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical
CVE-2022-25767
was published
for
com.bstek.ureport:ureport2-console
(Maven)
May 3, 2022
Deserialization of Untrusted Data in Gson
High
CVE-2022-25647
was published
for
com.google.code.gson:gson
(Maven)
May 3, 2022
Deserialization of Untrusted Data in Apache Dubbo
Critical
CVE-2021-30179
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
ProTip!
Advisories are also available from the
GraphQL API