GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
612 advisories
Filter by severity
Deserialization of Untrusted Data in Apache Olingo
Critical
CVE-2019-17556
was published
for
org.apache.olingo:odata-client-proxy
(Maven)
Feb 4, 2020
Critical severity vulnerability that affects org.apache.solr:solr-core
Critical
CVE-2019-0192
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Remote Code Execution in AjaxNetProfessional
Critical
GHSA-6r7c-6w96-8pvw
was published
for
AjaxNetProfessional
(NuGet)
Dec 7, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp....
Critical
Unreviewed
CVE-2022-4890
was published
Jan 16, 2023
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation...
Critical
Unreviewed
CVE-2021-27470
was published
Mar 24, 2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting...
Critical
Unreviewed
CVE-2021-27460
was published
Mar 24, 2022
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation...
Critical
Unreviewed
CVE-2021-27462
was published
Mar 24, 2022
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell...
Critical
Unreviewed
CVE-2021-27466
was published
Mar 24, 2022
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this...
Critical
Unreviewed
CVE-2020-19229
was published
Apr 6, 2022
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an...
Critical
Unreviewed
CVE-2021-33207
was published
Apr 6, 2022
Remote Code Execution in Laravel
Critical
CVE-2021-43503
was published
for
laravel/laravel
(Composer)
Apr 9, 2022
•
withdrawn
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1...
Critical
Unreviewed
CVE-2022-23450
was published
Apr 13, 2022
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
Critical
Unreviewed
CVE-2022-27158
was published
Apr 16, 2022
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later...
Critical
Unreviewed
CVE-2022-26133
was published
Apr 21, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2017-1000353
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jython
Critical
CVE-2016-4000
was published
for
org.python:jython
(Maven)
May 13, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes...
Critical
Unreviewed
CVE-2021-32935
was published
May 24, 2022
Deserialization of Untrusted Data in JYaml
Critical
CVE-2020-8441
was published
for
org.jyaml:jyaml
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Spring AMQP
Critical
CVE-2017-8045
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 17, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility...
Critical
Unreviewed
CVE-2020-28032
was published
May 24, 2022
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API