GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,007 advisories
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical | CVE-2022-45136 was published for org.apache.jena:jena-sdb (Maven) | Nov 14, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability...
Critical | Unreviewed | CVE-2022-38650 was published | Nov 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMWare...
Critical | Unreviewed | CVE-2022-38652 was published | Nov 12, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical | Unreviewed | CVE-2022-44558 was published | Nov 10, 2022
The system framework layer has a vulnerability of serialization/deserialization mismatch....
Critical | Unreviewed | CVE-2022-44562 was published | Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical | Unreviewed | CVE-2022-44559 was published | Nov 10, 2022
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad)...
High | Unreviewed | CVE-2022-41203 was published | Nov 9, 2022
In telephony, there is a possible permission bypass due to a parcel format mismatch. This could...
High | Unreviewed | CVE-2022-32601 was published | Nov 9, 2022
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording...
Critical | Unreviewed | CVE-2022-31199 was published | Nov 8, 2022
Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non...
High | Unreviewed | CVE-2022-42919 was published | Nov 7, 2022
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run...
High | Unreviewed | CVE-2022-43567 was published | Nov 5, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low | CVE-2022-39379 was published for fluentd (RubyGems) | Nov 2, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied...
Critical | Unreviewed | CVE-2022-38142 was published | Nov 1, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network...
Critical | Unreviewed | CVE-2022-41779 was published | Nov 1, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of...
Critical | Unreviewed | CVE-2022-44542 was published | Nov 1, 2022
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an...
High | Unreviewed | CVE-2022-3380 was published | Oct 31, 2022
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint...
High | Unreviewed | CVE-2022-3360 was published | Oct 31, 2022
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file,...
High | Unreviewed | CVE-2022-3357 was published | Oct 31, 2022
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro...
High | Unreviewed | CVE-2022-3366 was published | Oct 31, 2022
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file,...
High | Unreviewed | CVE-2022-3334 was published | Oct 31, 2022
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which...
High | Unreviewed | CVE-2022-3374 was published | Oct 31, 2022
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An...
High | Unreviewed | CVE-2022-40238 was published | Oct 26, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical | CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) | Oct 26, 2022
Apache Linkis subject to Remote Code Execution via deserialization
High | CVE-2022-39944 was published for org.apache.linkis:linkis (Maven) | Oct 26, 2022
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of...
High | Unreviewed | CVE-2022-3335 was published | Oct 25, 2022