GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
399 advisories
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message...
Critical | Unreviewed | CVE-2021-25274 was published May 24, 2022

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace...
Critical | Unreviewed | CVE-2021-25758 was published May 24, 2022

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA...
Critical | Unreviewed | CVE-2021-3160 was published May 24, 2022

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2020-4682 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by...
Critical | Unreviewed | CVE-2020-27583 was published May 24, 2022

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote...
Critical | Unreviewed | CVE-2021-25294 was published May 24, 2022

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command...
Critical | Unreviewed | CVE-2020-24639 was published May 24, 2022

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
Critical | Unreviewed | CVE-2020-10658 was published May 24, 2022

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
Critical | Unreviewed | CVE-2020-10656 was published May 24, 2022

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
Critical | Unreviewed | CVE-2020-10655 was published May 24, 2022

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security...
Critical | Unreviewed | CVE-2020-27131 was published May 24, 2022

Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote...
Critical | Unreviewed | CVE-2020-5664 was published May 24, 2022

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility...
Critical | Unreviewed | CVE-2020-28032 was published May 24, 2022

A accessmgrservlet classname deserialization of untrusted data remote code execution...
Critical | Unreviewed | CVE-2020-24648 was published May 24, 2022

A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe...
Critical | Unreviewed | CVE-2020-26867 was published May 24, 2022

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the...
Critical | Unreviewed | CVE-2020-6967 was published May 24, 2022

A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker...
Critical | Unreviewed | CVE-2019-18316 was published May 24, 2022

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of...
Critical | Unreviewed | CVE-2019-18580 was published May 24, 2022

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow...
Critical | Unreviewed | CVE-2019-18364 was published May 24, 2022

A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON...
Critical | Unreviewed | CVE-2019-12017 was published May 24, 2022

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON...
Critical | Unreviewed | CVE-2019-16891 was published May 24, 2022

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow...
Critical | Unreviewed | CVE-2019-12630 was published May 24, 2022

A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component...
Critical | Unreviewed | CVE-2019-16755 was published May 24, 2022

download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
Critical | Unreviewed | CVE-2019-16894 was published May 24, 2022

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is...
Critical | Unreviewed | CVE-2019-0189 was published May 24, 2022