Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data Moderate
CVE-2022-37023 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22097 was published for org.springframework.amqp:spring-amqp (Maven) May 24, 2022
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution Moderate
CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) Jan 6, 2023
In the keystore library, there is a possible prevention of access to system Settings due to... Moderate Unreviewed
CVE-2022-20195 was published Jun 16, 2022
Code injection in Kubernetes Java Client Moderate
CVE-2021-25738 was published for io.kubernetes:client-java (Maven) Oct 12, 2021
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3... Moderate Unreviewed
CVE-2019-18631 was published May 24, 2022
Deserialization of Untrusted Data in Beaker Moderate
CVE-2013-7489 was published for Beaker (pip) May 5, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted... Moderate Unreviewed
CVE-2020-4271 was published May 24, 2022
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by... Moderate Unreviewed
CVE-2020-10289 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1413 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1414 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3035 was published May 24, 2022
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though... Moderate Unreviewed
CVE-2021-34393 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1415 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3040 was published May 24, 2022
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with... Moderate Unreviewed
CVE-2021-34394 was published May 24, 2022
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all... Moderate Unreviewed
CVE-2022-33947 was published Aug 5, 2022
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java... Moderate Unreviewed
CVE-2020-2604 was published May 24, 2022
Deserialization of Untrusted Data in logback Moderate
CVE-2021-42550 was published for ch.qos.logback:logback-core (Maven) Dec 17, 2021
MikeMoore63
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with... Moderate Unreviewed
CVE-2021-21488 was published May 24, 2022
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context... Moderate Unreviewed
CVE-2007-1701 was published May 1, 2022
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2016-10304 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2018-15425 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database