GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
146 advisories
Filter by severity
Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703
was published
for
org.apache.nifi:nifi-framework-cluster-protocol
(Maven)
Oct 25, 2019
XStream can cause a Denial of Service
Moderate
CVE-2021-39140
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Moderate
CVE-2022-37023
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22097
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 24, 2022
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Moderate
CVE-2021-32828
was published
for
org.nuxeo.ecm.platform:nuxeo-platform-oauth
(Maven)
Jan 6, 2023
In the keystore library, there is a possible prevention of access to system Settings due to...
Moderate
Unreviewed
CVE-2022-20195
was published
Jun 16, 2022
Code injection in Kubernetes Java Client
Moderate
CVE-2021-25738
was published
for
io.kubernetes:client-java
(Maven)
Oct 12, 2021
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3...
Moderate
Unreviewed
CVE-2019-18631
was published
May 24, 2022
Deserialization of Untrusted Data in Beaker
Moderate
CVE-2013-7489
was published
for
Beaker
(pip)
May 5, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted...
Moderate
Unreviewed
CVE-2020-4271
was published
May 24, 2022
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by...
Moderate
Unreviewed
CVE-2020-10289
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and...
Moderate
Unreviewed
CVE-2021-1413
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and...
Moderate
Unreviewed
CVE-2021-1414
was published
May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary...
Moderate
Unreviewed
CVE-2021-3035
was published
May 24, 2022
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though...
Moderate
Unreviewed
CVE-2021-34393
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and...
Moderate
Unreviewed
CVE-2021-1415
was published
May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary...
Moderate
Unreviewed
CVE-2021-3040
was published
May 24, 2022
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with...
Moderate
Unreviewed
CVE-2021-34394
was published
May 24, 2022
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all...
Moderate
Unreviewed
CVE-2022-33947
was published
Aug 5, 2022
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java...
Moderate
Unreviewed
CVE-2020-2604
was published
May 24, 2022
Deserialization of Untrusted Data in logback
Moderate
CVE-2021-42550
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 17, 2021
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with...
Moderate
Unreviewed
CVE-2021-21488
was published
May 24, 2022
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context...
Moderate
Unreviewed
CVE-2007-1701
was published
May 1, 2022
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to...
Moderate
Unreviewed
CVE-2016-10304
was published
May 13, 2022
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate
Unreviewed
CVE-2018-15425
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API