Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
Unsafe Deserialization that can Result in Code Execution High
CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven) Dec 10, 2021
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36189 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36187 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36188 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36183 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36184 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36180 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36181 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36185 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36179 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36182 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Serialization gadget exploit in jackson-databind High
CVE-2020-35728 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
mpihelgas
Serialization gadgets exploit in jackson-databind High
CVE-2020-35490 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
sunSUNQ
Code Injection in jackson-databind High
CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22095 was published for org.springframework.amqp:spring-amqp (Maven) Dec 1, 2021
SunBK201
Unsafe Deserialization in jackson-databind High
CVE-2020-36186 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 19, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm Critical
CVE-2021-40865 was published for org.apache.storm:storm (Maven) Oct 27, 2021
Code injection in Kubernetes Java Client Moderate
CVE-2021-25738 was published for io.kubernetes:client-java (Maven) Oct 12, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils Critical
CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) Oct 4, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter High
CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) Sep 20, 2021 withdrawn
Security check skip in Apache Dubbo Critical
CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Hessian protocol configuration vulnerability in Apache Dubbo Critical
CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
ProTip! Advisories are also available from the GraphQL API