GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,460 advisories
Filter by severity
Deserialization of Untrusted Data in Apache Storm
Critical
CVE-2018-11779
was published
for
org.apache.storm:storm-kafka
(Maven)
Aug 1, 2019
Deserialization of untrusted data in FasterXML jackson-databind
High
CVE-2019-14439
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-14540
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-16335
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703
was published
for
org.apache.nifi:nifi-framework-cluster-protocol
(Maven)
Oct 25, 2019
Polymorphic Typing in FasterXML jackson-databind
Critical
CVE-2019-16942
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 28, 2019
jackson-databind polymorphic typing issue
Critical
CVE-2019-16943
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 13, 2019
jackson-databind polymorphic typing issue
Critical
CVE-2019-17531
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 13, 2019
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Critical
CVE-2019-17206
was published
for
rediswrapper
(pip)
Nov 20, 2019
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
High
CVE-2019-6338
was published
for
drupal/drupal
(Composer)
Dec 2, 2019
Unsafe deserialization in SmtpTransport in CakePHP
High
CVE-2019-11458
was published
for
cakephp/cakephp
(Composer)
Dec 2, 2019
Deserialization of Untrusted Data in Log4j
Critical
CVE-2017-5645
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jan 6, 2020
Deserialization of Untrusted Data in Log4j
Critical
CVE-2019-17571
was published
for
log4j:log4j
(Maven)
Jan 6, 2020
Deserialization of Untrusted Data in Apache Olingo
Critical
CVE-2019-17556
was published
for
org.apache.olingo:odata-client-proxy
(Maven)
Feb 4, 2020
Deserialization of untrusted data in Symfony
High
CVE-2019-10912
was published
for
symfony/cache
(Composer)
Feb 12, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2019-20330
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2020-8840
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10672
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11620
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9546
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10969
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Insecure Deserialization in Backend User Settings in TYPO3 CMS
High
CVE-2020-11067
was published
for
typo3/cms
(Composer)
May 13, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11619
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11113
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
ProTip!
Advisories are also available from the
GraphQL API