GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
521 advisories
Filter by severity
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
shared_preferences_android vulnerability
Low
GHSA-3hpf-ff72-j67p
was published
for
shared_preferences_android
(Pub)
Dec 6, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
Borsh serialization of HashMap is non-canonical
High
GHSA-wwq9-3cpr-mm53
was published
for
hashbrown
(Rust)
Dec 4, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
logback serialization vulnerability
High
CVE-2023-6378
was published
for
ch.qos.logback:logback-classic
(Maven)
Nov 29, 2023
Apache Spark Deserialization of Untrusted Data vulnerability
High
CVE-2017-12612
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
H2O vulnerable to Deserialization of Untrusted Data
High
CVE-2024-6960
was published
for
ai.h2o:h2o-core
(Maven)
Jul 21, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
High
CVE-2023-6267
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Jan 25, 2024
transformers has a Deserialization of Untrusted Data vulnerability
High
CVE-2023-7018
was published
for
transformers
(pip)
Dec 20, 2023
transformers has a Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-6730
was published
for
transformers
(pip)
Dec 19, 2023
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
Pickle serialization vulnerable to Deserialization of Untrusted Data
High
CVE-2023-23930
was published
for
vantage6
(pip)
Oct 13, 2023
transmute-core unsafe YAML deserialization vulnerability
Critical
CVE-2023-47204
was published
for
transmute-core
(pip)
Nov 2, 2023
Deserialization of Untrusted Data in dompdf/dompdf
Critical
CVE-2021-3838
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
FileManager Deserialization of Untrusted Data vulnerability
High
CVE-2024-52306
was published
for
backpack/filemanager
(Composer)
Nov 13, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
LangChain pickle deserialization of untrusted data
High
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
RDoc RCE vulnerability with .rdoc_options
Low
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Arbitrary code execution due to YAML deserialization
High
CVE-2021-37678
was published
for
tensorflow
(pip)
Aug 25, 2021
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High
CVE-2023-34040
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Aug 24, 2023
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
High
CVE-2024-43383
was published
for
Lucene.Net.Replicator
(NuGet)
Oct 31, 2024
ThinkPHP deserialization vulnerability
High
CVE-2024-48112
was published
for
topthink/thinkphp
(Composer)
Oct 30, 2024
ProTip!
Advisories are also available from the
GraphQL API