GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
399 advisories
Deserialization of Untrusted Data vulnerability in the message processing component of...
Critical | Unreviewed | CVE-2022-2830 was published Sep 6, 2022

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on...
Critical | Unreviewed | CVE-2022-29063 was published Sep 3, 2022

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1...
Critical | Unreviewed | CVE-2022-29805 was published Aug 20, 2022

A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some...
Critical | Unreviewed | CVE-2022-2870 was published Aug 18, 2022

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation...
Critical | Unreviewed | CVE-2022-35223 was published Aug 3, 2022

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
Critical | Unreviewed | CVE-2022-33318 was published Jul 21, 2022

If an on-premise installation of the Pega Platform is configured with the port for the JMX...
Critical | Unreviewed | CVE-2022-24082 was published Jul 20, 2022

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
Critical | Unreviewed | CVE-2021-41419 was published Jul 19, 2022

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2022-2437 was published Jul 19, 2022

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because...
Critical | Unreviewed | CVE-2022-35857 was published Jul 14, 2022

The affected products are vulnerable of untrusted data due to deserialization without prior...
Critical | Unreviewed | CVE-2022-1660 was published Jun 3, 2022

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C...
Critical | Unreviewed | CVE-2022-29875 was published Jun 2, 2022

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure...
Critical | Unreviewed | CVE-2021-42237 was published May 24, 2022

Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks...
Critical | Unreviewed | CVE-2019-19810 was published May 24, 2022

Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data...
Critical | Unreviewed | CVE-2021-40719 was published May 24, 2022

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code...
Critical | Unreviewed | CVE-2021-42090 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR...
Critical | Unreviewed | CVE-2021-40102 was published May 24, 2022

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute...
Critical | Unreviewed | CVE-2021-39392 was published May 24, 2022

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All...
Critical | Unreviewed | CVE-2021-37181 was published May 24, 2022

A conference management system of ZTE is impacted by a command execution vulnerability. Since the...
Critical | Unreviewed | CVE-2021-21741 was published May 24, 2022

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml...
Critical | Unreviewed | CVE-2021-34066 was published May 24, 2022

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
Critical | Unreviewed | CVE-2021-37544 was published May 24, 2022

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure...
Critical | Unreviewed | CVE-2021-36483 was published May 24, 2022

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the...
Critical | Unreviewed | CVE-2021-29781 was published May 24, 2022

Deserialization of Untrusted Data Vulnerability
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7...
Critical | Unreviewed | CVE-2020-5341 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.