GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,007 advisories
autogluon.multimodal vulnerable to unsafe YAML deserialization
High | GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) on Sep 21, 2022
Apache InLong vulnerable to Deserialization of Untrusted Data
High | CVE-2022-40955 was published for org.apache.inlong:inlong-common (Maven) on Sep 21, 2022
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation...
Critical | Unreviewed | CVE-2022-39008 was published on Sep 17, 2022
ThinkPHP deserialization vulnerability
Critical | CVE-2022-38352 was published for topthink/framework (Composer) on Sep 16, 2022
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via...
High | Unreviewed | CVE-2022-2434 was published on Sep 7, 2022
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input...
High | Unreviewed | CVE-2022-2438 was published on Sep 7, 2022
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via...
High | Unreviewed | CVE-2022-2436 was published on Sep 7, 2022
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of...
High | Unreviewed | CVE-2022-2442 was published on Sep 7, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2022-2433 was published on Sep 7, 2022
Deserialization of Untrusted Data vulnerability in the message processing component of...
Critical | Unreviewed | CVE-2022-2830 was published on Sep 6, 2022
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on...
Critical | Unreviewed | CVE-2022-29063 was published on Sep 3, 2022
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Moderate | CVE-2022-37023 was published for org.apache.geode:geode-core (Maven) on Sep 1, 2022
Apache Geode versions deserialization of untrusted data when using JMX over RMI on Java 11
High | CVE-2022-37022 was published for org.apache.geode:geode-core (Maven) on Sep 1, 2022
Apache Geode vulnerable to Deserialization of Untrusted Data
Critical | CVE-2022-37021 was published for org.apache.geode:geode-core (Maven) on Sep 1, 2022
NVFLARE unsafe deserialization due to Pickle
Critical | CVE-2022-34668 was published for nvflare (pip) on Aug 31, 2022
Deserialization of Untrusted Data in Apache Hadoop YARN
High | CVE-2021-25642 was published for org.apache.hadoop:hadoop-yarn-server (Maven) on Aug 26, 2022
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a...
High | Unreviewed | CVE-2022-2465 was published on Aug 26, 2022
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment...
High | Unreviewed | CVE-2022-36119 was published on Aug 26, 2022
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift...
High | Unreviewed | CVE-2021-4125 was published on Aug 25, 2022
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
High | Unreviewed | CVE-2022-33900 was published on Aug 23, 2022
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an...
High | Unreviewed | CVE-2022-2886 was published on Aug 20, 2022
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1...
Critical | Unreviewed | CVE-2022-29805 was published on Aug 20, 2022
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some...
Critical | Unreviewed | CVE-2022-2870 was published on Aug 18, 2022
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all...
Moderate | Unreviewed | CVE-2022-33947 was published on Aug 5, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High | Unreviewed | CVE-2022-28684 was published on Aug 4, 2022
ProTip! Advisories are also available from the GraphQL API.