GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
399 advisories
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in...
Critical | Unreviewed | CVE-2021-35464 was published May 24, 2022

The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for...
Critical | Unreviewed | CVE-2021-24384 was published May 24, 2022

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507...
Critical | Unreviewed | CVE-2021-35971 was published May 24, 2022

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to...
Critical | Unreviewed | CVE-2020-9493 was published May 24, 2022

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it...
Critical | Unreviewed | CVE-2021-33806 was published May 24, 2022

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8...
Critical | Unreviewed | CVE-2021-23894 was published May 24, 2022

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an...
Critical | Unreviewed | CVE-2021-27852 was published May 24, 2022

Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
Critical | Unreviewed | CVE-2021-32075 was published May 24, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2021-31474 was published May 24, 2022

Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Critical | Unreviewed | CVE-2021-32098 was published May 24, 2022

Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can...
Critical | Unreviewed | CVE-2021-29200 was published May 24, 2022

Apache OFBiz has unsafe deserialization prior to 17.12.07 version
Critical | Unreviewed | CVE-2021-30128 was published May 24, 2022

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a...
Critical | Unreviewed | CVE-2021-3287 was published May 24, 2022

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted...
Critical | Unreviewed | CVE-2021-21524 was published May 24, 2022

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use...
Critical | Unreviewed | CVE-2021-26295 was published May 24, 2022

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute...
Critical | Unreviewed | CVE-2020-29045 was published May 24, 2022

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute...
Critical | Unreviewed | CVE-2020-29047 was published May 24, 2022

KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code...
Critical | Unreviewed | CVE-2021-27335 was published May 24, 2022

The specific function of HR Portal of Soar Cloud System accepts any type of object to be...
Critical | Unreviewed | CVE-2021-22855 was published May 24, 2022

config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because...
Critical | Unreviewed | CVE-2021-27213 was published May 24, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2020-27868 was published May 24, 2022

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical | Unreviewed | CVE-2021-26914 was published May 24, 2022

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical | Unreviewed | CVE-2021-26915 was published May 24, 2022

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical | Unreviewed | CVE-2021-26912 was published May 24, 2022

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical | Unreviewed | CVE-2021-26913 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.