GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,371 advisories
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2018-2628 was published May 14, 2022

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote...
Critical | Unreviewed | CVE-2016-6793 was published May 14, 2022

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to...
Critical | Unreviewed | CVE-2016-3957 was published May 14, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2018-3245 was published May 13, 2022

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated...
High | Unreviewed | CVE-2018-19499 was published May 13, 2022

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of...
High | Unreviewed | CVE-2018-19396 was published May 13, 2022

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter...
Critical | Unreviewed | CVE-2018-1000832 was published May 13, 2022

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE...
High | Unreviewed | CVE-2018-1000509 was published May 13, 2022

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that...
High | Unreviewed | CVE-2017-7293 was published May 13, 2022

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized...
Critical | Unreviewed | CVE-2017-5830 was published May 13, 2022

In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due...
High | Unreviewed | CVE-2017-13286 was published May 13, 2022

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0,...
High | Unreviewed | CVE-2017-10803 was published May 13, 2022

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
High | Unreviewed | CVE-2017-1000148 was published May 13, 2022

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product:...
High | Unreviewed | CVE-2017-0806 was published May 13, 2022

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray...
High | Unreviewed | CVE-2016-0750 was published May 13, 2022

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x,...
High | Unreviewed | CVE-2016-8648 was published May 13, 2022

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the...
Moderate | Unreviewed | CVE-2016-8653 was published May 13, 2022

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the...
Critical | Unreviewed | CVE-2016-9483 was published May 13, 2022

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe...
Critical | Unreviewed | CVE-2016-9498 was published May 13, 2022

Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX...
Moderate | Unreviewed | CVE-2016-9585 was published May 13, 2022

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3...
Critical | Unreviewed | CVE-2017-11153 was published May 13, 2022

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-17406 was published May 13, 2022

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version...
High | Unreviewed | CVE-2017-3201 was published May 13, 2022

The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1...
Critical | Unreviewed | CVE-2017-3207 was published May 13, 2022

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which...
Critical | Unreviewed | CVE-2017-7504 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.