Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,262
NuGet
760
pip
4,058
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,006 advisories

Loading
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-35870 was published Jul 26, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-35872 was published Jul 26, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... Critical Unreviewed
CVE-2022-33318 was published Jul 21, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... High Unreviewed
CVE-2022-33320 was published Jul 21, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... High Unreviewed
CVE-2022-33315 was published Jul 21, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... High Unreviewed
CVE-2022-33316 was published Jul 21, 2022
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to... Critical Unreviewed
CVE-2022-35405 was published Jul 20, 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX... Critical Unreviewed
CVE-2022-24082 was published Jul 20, 2022
This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability... High Unreviewed
CVE-2022-1984 was published Jul 20, 2022
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety... High Unreviewed
CVE-2022-27580 was published Jul 20, 2022
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi... High Unreviewed
CVE-2022-27579 was published Jul 20, 2022
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. Critical Unreviewed
CVE-2021-41419 was published Jul 19, 2022
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2022-2444 was published Jul 19, 2022
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2022-2437 was published Jul 19, 2022
An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an... High Unreviewed
CVE-2022-30981 was published Jul 18, 2022
jackson-databind vulnerable to unsafe deserialization High
CVE-2020-10650 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 15, 2022
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
sbenhai tdunlap607
Credited to sbenhai and tdunlap607
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because... Critical Unreviewed
CVE-2022-35857 was published Jul 14, 2022
An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local... High Unreviewed
CVE-2021-36665 was published Jul 13, 2022
Active Record RCE bug with Serialized Columns Critical
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization High
CVE-2022-31115 was published for opensearch-ruby (RubyGems) Jul 5, 2022
tdunlap607
Credited to tdunlap607
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2022-33107 was published for topthink/framework (Composer) Jun 30, 2022
Unsafe yaml deserialization in NVFlare Critical
CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022
Unsafe deserialisation in the PKI implementation scheme of NVFlare Critical
CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database