Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data Moderate
CVE-2022-37023 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22097 was published for org.springframework.amqp:spring-amqp (Maven) May 24, 2022
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution Moderate
CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) Jan 6, 2023
In the keystore library, there is a possible prevention of access to system Settings due to... Moderate Unreviewed
CVE-2022-20195 was published Jun 16, 2022
Code injection in Kubernetes Java Client Moderate
CVE-2021-25738 was published for io.kubernetes:client-java (Maven) Oct 12, 2021
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3... Moderate Unreviewed
CVE-2019-18631 was published May 24, 2022
Deserialization of Untrusted Data in Beaker Moderate
CVE-2013-7489 was published for Beaker (pip) May 5, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted... Moderate Unreviewed
CVE-2020-4271 was published May 24, 2022
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by... Moderate Unreviewed
CVE-2020-10289 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1413 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1414 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3035 was published May 24, 2022
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though... Moderate Unreviewed
CVE-2021-34393 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1415 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3040 was published May 24, 2022
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with... Moderate Unreviewed
CVE-2021-34394 was published May 24, 2022
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all... Moderate Unreviewed
CVE-2022-33947 was published Aug 5, 2022
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java... Moderate Unreviewed
CVE-2020-2604 was published May 24, 2022
Deserialization of Untrusted Data in logback Moderate
CVE-2021-42550 was published for ch.qos.logback:logback-core (Maven) Dec 17, 2021
MikeMoore63
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with... Moderate Unreviewed
CVE-2021-21488 was published May 24, 2022
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context... Moderate Unreviewed
CVE-2007-1701 was published May 1, 2022
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2016-10304 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2018-15425 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API