Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

686 advisories

Loading
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users... High Unreviewed
CVE-2022-23940 was published Mar 11, 2022
A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to... High Unreviewed
CVE-2022-24282 was published Mar 9, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... High Unreviewed
CVE-2022-0138 was published Feb 19, 2022
Deserialization of untrusted data in Apache Cayenne High
CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) Feb 12, 2022
In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization... High Unreviewed
CVE-2021-39676 was published Feb 12, 2022
Deserialization of Untrusted Data in Magnolia CMS High
CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-22005 was published Feb 10, 2022
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading... High Unreviewed
CVE-2021-42631 was published Feb 1, 2022
Insecure Java Deserialization in Apache Karaf High
CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Jan 28, 2022
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
pytorch-lightning is vulnerable to Deserialization of Untrusted Data High
CVE-2021-4118 was published for pytorch-lightning (pip) Jan 6, 2022
akihironitta
Deserialization of Untrusted Data in Codeigniter4 High
CVE-2022-21647 was published for codeigniter4/framework (Composer) Jan 6, 2022
Deserialization of Untrusted Data in Apache Heron High
CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) Jan 6, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 ashmind
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A... High Unreviewed
CVE-2021-20318 was published Dec 24, 2021
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data High
GHSA-3w6p-8f82-gw8r was published for ru.yandex.clickhouse:clickhouse-jdbc-bridge (Maven) Dec 17, 2021
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization... High Unreviewed
CVE-2021-0928 was published Dec 16, 2021
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization... High Unreviewed
CVE-2021-0970 was published Dec 16, 2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data High
CVE-2021-4104 was published for log4j:log4j (Maven) Dec 14, 2021
SebGondron
Unsafe Deserialization that can Result in Code Execution High
CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven) Dec 10, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36189 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database