Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution Moderate
CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) Jan 6, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler Critical
CVE-2021-32824 was published for org.apache.dubbo:dubbo-parent (Maven) Jan 3, 2023
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it... High Unreviewed
CVE-2022-4237 was published Jan 3, 2023
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported... High Unreviewed
CVE-2022-4324 was published Jan 3, 2023
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings... High Unreviewed
CVE-2022-4302 was published Jan 3, 2023
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6... Critical Unreviewed
CVE-2022-4120 was published Dec 26, 2022
The system tool has inconsistent serialization and deserialization. Successful exploitation of... High Unreviewed
CVE-2022-41596 was published Dec 20, 2022
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary... Critical Unreviewed
CVE-2021-38241 was published Dec 17, 2022
replicator vulnerable to Deserialization of Untrusted Data Critical
CVE-2021-33420 was published for replicator (npm) Dec 15, 2022
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Credited to justintaft, securisec, JLLeitschuh, DmitriyLewen, yairmzr, and pjfanning
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the... Critical Unreviewed
CVE-2022-3900 was published Dec 12, 2022
The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the... High Unreviewed
CVE-2022-3359 was published Dec 12, 2022
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin... Critical Unreviewed
CVE-2022-44351 was published Dec 7, 2022
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). Critical Unreviewed
CVE-2022-44371 was published Dec 7, 2022
Apache Tapestry allows deserialization of untrusted data Critical
CVE-2022-46366 was published for org.apache.tapestry:tapestry-core (Maven) Dec 2, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-36964 was published Nov 29, 2022
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0... High Unreviewed
CVE-2022-3490 was published Nov 28, 2022
Prevent RCE when deserializing untrusted user input High
CVE-2022-41922 was published for yiisoft/yii (Composer) Nov 21, 2022
fi3wey
Credited to fi3wey
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and... High Unreviewed
CVE-2022-3861 was published Nov 21, 2022
Deserialization of Untrusted Data in librenms/librenms High
CVE-2022-3525 was published for librenms/librenms (Composer) Nov 20, 2022
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. High Unreviewed
CVE-2022-45077 was published Nov 18, 2022
Unsafe deserialization in Apache MINA SSHD Critical
CVE-2022-45047 was published for org.apache.sshd:sshd-common (Maven) Nov 16, 2022
pavelarnost
Credited to pavelarnost
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database