Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

686 advisories

Loading
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent... High Unreviewed
CVE-2016-4483 was published May 13, 2022
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11112 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 10, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14893 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state... High Unreviewed
CVE-2018-15686 was published May 13, 2022
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ... High Unreviewed
CVE-2022-1463 was published May 11, 2022
The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the... High Unreviewed
CVE-2022-3359 was published Dec 12, 2022
Apache InLong vulnerable to Deserialization of Untrusted Data High
CVE-2022-40955 was published for org.apache.inlong:inlong-common (Maven) Sep 21, 2022
RCE vulnerability in Jenkins DotCi Plugin High
CVE-2022-41237 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad)... High Unreviewed
CVE-2022-41203 was published Nov 9, 2022
In telephony, there is a possible permission bypass due to a parcel format mismatch. This could... High Unreviewed
CVE-2022-32601 was published Nov 9, 2022
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2... High Unreviewed
CVE-2021-24307 was published May 24, 2022
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A... High Unreviewed
CVE-2016-9045 was published May 13, 2022
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to... High Unreviewed
CVE-2021-26558 was published May 24, 2022
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code... High Unreviewed
CVE-2022-29936 was published Apr 30, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2021-34992 was published May 24, 2022
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file,... High Unreviewed
CVE-2022-3334 was published Oct 31, 2022
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
Project files are stored memory objects in the form of binary serialized data that can later be... High Unreviewed
CVE-2021-42698 was published May 24, 2022
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which... High Unreviewed
CVE-2022-3374 was published Oct 31, 2022
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file,... High Unreviewed
CVE-2022-3357 was published Oct 31, 2022
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint... High Unreviewed
CVE-2022-3360 was published Oct 31, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database