GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
399 advisories
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter...
Critical | Unreviewed | CVE-2018-1000833 was published May 14, 2022

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2018-20732 was published May 14, 2022

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute...
Critical | Unreviewed | CVE-2019-6503 was published May 14, 2022

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows...
Critical | Unreviewed | CVE-2018-9843 was published May 14, 2022

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection...
Critical | Unreviewed | CVE-2018-20148 was published May 14, 2022

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC...
Critical | Unreviewed | CVE-2017-12557 was published May 14, 2022

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that...
Critical | Unreviewed | CVE-2017-18365 was published May 14, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2018-2628 was published May 14, 2022

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote...
Critical | Unreviewed | CVE-2016-6793 was published May 14, 2022

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to...
Critical | Unreviewed | CVE-2016-3957 was published May 14, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2018-3245 was published May 13, 2022

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter...
Critical | Unreviewed | CVE-2018-1000832 was published May 13, 2022

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized...
Critical | Unreviewed | CVE-2017-5830 was published May 13, 2022

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the...
Critical | Unreviewed | CVE-2016-9483 was published May 13, 2022

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe...
Critical | Unreviewed | CVE-2016-9498 was published May 13, 2022

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3...
Critical | Unreviewed | CVE-2017-11153 was published May 13, 2022

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-17406 was published May 13, 2022

The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1...
Critical | Unreviewed | CVE-2017-3207 was published May 13, 2022

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which...
Critical | Unreviewed | CVE-2017-7504 was published May 13, 2022

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated,...
Critical | Unreviewed | CVE-2018-15381 was published May 13, 2022

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote,...
Critical | Unreviewed | CVE-2018-15616 was published May 13, 2022

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows...
Critical | Unreviewed | CVE-2018-19276 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1567 was published May 13, 2022

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute...
Critical | Unreviewed | CVE-2018-1851 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1904 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.