GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,279
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,740
NuGet: 668
pip: 3,421
Pub: 12
RubyGems: 891
Rust: 873
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
399 advisories
Buck parser-cache command loads/saves state using Java serialized object. If the state...
Critical | Unreviewed | CVE-2018-6331 was published May 13, 2022

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10...
Critical | Unreviewed | CVE-2019-10068 was published May 13, 2022

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via...
Critical | Unreviewed | CVE-2016-3415 was published May 13, 2022

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com...
Critical | Unreviewed | CVE-2017-14702 was published May 13, 2022

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it...
Critical | Unreviewed | CVE-2017-5878 was published May 13, 2022

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed...
Critical | Unreviewed | CVE-2018-20718 was published May 13, 2022

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call...
Critical | Unreviewed | CVE-2018-10085 was published May 13, 2022

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in...
Critical | Unreviewed | CVE-2018-1000641 was published May 13, 2022

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request...
Critical | Unreviewed | CVE-2018-1000525 was published May 13, 2022

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form...
Critical | Unreviewed | CVE-2018-1000059 was published May 13, 2022

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10...
Critical | Unreviewed | CVE-2017-3066 was published May 13, 2022

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote...
Critical | Unreviewed | CVE-2016-1114 was published May 13, 2022

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and...
Critical | Unreviewed | CVE-2017-11284 was published May 13, 2022

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and...
Critical | Unreviewed | CVE-2017-11283 was published May 13, 2022

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have...
Critical | Unreviewed | CVE-2018-4939 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15957 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15959 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15965 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15958 was published May 13, 2022

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to...
Critical | Unreviewed | CVE-2018-0147 was published May 13, 2022

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5...
Critical | Unreviewed | CVE-2018-15691 was published May 13, 2022

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote...
Critical | Unreviewed | CVE-2014-9515 was published May 13, 2022

An exploitable code execution vulnerability exists in the Levin deserialization functionality of...
Critical | Unreviewed | CVE-2018-3972 was published May 13, 2022

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function...
Critical | Unreviewed | CVE-2022-29363 was published May 13, 2022

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a...
Critical | Unreviewed | CVE-2020-23620 was published May 4, 2022

ProTip! Advisories are also available from the GraphQL API.