Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,371 advisories

Loading
Akamai CloudTest before 58.30 allows remote code execution. Critical Unreviewed
CVE-2019-11011 was published May 24, 2022
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and... Moderate Unreviewed
CVE-2019-0305 was published May 24, 2022
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via... High Unreviewed
CVE-2019-11080 was published May 24, 2022
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC)... High Unreviewed
CVE-2019-5350 was published May 24, 2022
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC)... High Unreviewed
CVE-2019-11950 was published May 24, 2022
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC)... High Unreviewed
CVE-2019-11956 was published May 24, 2022
In Godot through 3.1, remote code execution is possible due to the deserialization policy not... Critical Unreviewed
CVE-2019-10069 was published May 24, 2022
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in... Critical Unreviewed
CVE-2019-9874 was published May 24, 2022
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an... High Unreviewed
CVE-2019-9875 was published May 24, 2022
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in... Critical Unreviewed
CVE-2019-6980 was published May 24, 2022
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. High Unreviewed
CVE-2017-18375 was published May 24, 2022
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php... High Unreviewed
CVE-2016-10753 was published May 24, 2022
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or... Critical Unreviewed
CVE-2019-12240 was published May 24, 2022
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source... Critical Unreviewed
CVE-2019-12241 was published May 24, 2022
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2019-4279 was published May 24, 2022
A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could... High Unreviewed
CVE-2019-10924 was published May 24, 2022
An attacker could send a specifically crafted payload to the XML-RPC invocation script and... Critical Unreviewed
CVE-2019-5434 was published May 24, 2022
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An... Critical Unreviewed
CVE-2019-7214 was published May 24, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed
CVE-2021-32935 was published May 24, 2022
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a... Critical Unreviewed
CVE-2022-24108 was published May 18, 2022
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and... High Unreviewed
CVE-2022-1118 was published May 18, 2022
eDeploy has RCE via cPickle deserialization of untrusted data Critical Unreviewed
CVE-2014-3699 was published May 17, 2022
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote... High Unreviewed
CVE-2016-7065 was published May 17, 2022
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured... Critical Unreviewed
CVE-2016-6330 was published May 17, 2022
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2016-6199 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database