GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,372 advisories

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a...
Critical · Unreviewed · CVE-2016-6199 was published May 17, 2022

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML...
Critical · Unreviewed · CVE-2017-5983 was published May 17, 2022

Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code...
High · Unreviewed · CVE-2017-8829 was published May 17, 2022

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to...
Critical · Unreviewed · CVE-2017-9363 was published May 17, 2022

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux...
Critical · Unreviewed · CVE-2016-7050 was published May 17, 2022

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary...
Critical · Unreviewed · CVE-2016-3690 was published May 17, 2022

IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code...
Critical · Unreviewed · CVE-2017-9424 was published May 17, 2022

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi...
Critical · Unreviewed · CVE-2017-9830 was published May 17, 2022

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize...
Critical · Unreviewed · CVE-2016-0360 was published May 17, 2022

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization...
Critical · Unreviewed · CVE-2017-4914 was published May 17, 2022

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely...
Moderate · Unreviewed · CVE-2011-2520 was published May 17, 2022

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary...
High · Unreviewed · CVE-2012-0911 was published May 17, 2022

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows...
High · Unreviewed · CVE-2013-1465 was published May 17, 2022

CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
Critical · Unreviewed · CVE-2017-14035 was published May 17, 2022

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load,...
Critical · Unreviewed · CVE-2017-2292 was published May 17, 2022

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...
Critical · Unreviewed · CVE-2015-7450 was published May 17, 2022

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A,...
Critical · Unreviewed · CVE-2017-10932 was published May 17, 2022

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows...
High · Unreviewed · CVE-2015-5164 was published May 17, 2022

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference...
Critical · Unreviewed · CVE-2017-12796 was published May 17, 2022

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code...
Critical · Unreviewed · CVE-2022-30779 was published May 17, 2022

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code...
Critical · Unreviewed · CVE-2022-30778 was published May 17, 2022

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of...
High · Unreviewed · CVE-2022-0573 was published May 17, 2022

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads...
Critical · Unreviewed · CVE-2017-17672 was published May 14, 2022

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain...
Critical · Unreviewed · CVE-2016-7124 was published May 14, 2022

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x...
High · Unreviewed · CVE-2016-4385 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.