GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,264
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
2,006 advisories
In the keystore library, there is a possible prevention of access to system Settings due to...
Moderate • Unreviewed • CVE-2022-20195 was published • Jun 16, 2022
User account escalation in Apache Hadoop
High • CVE-2021-33036 was published for org.apache.hadoop:hadoop-yarn-server-common (Maven) • Jun 16, 2022
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the...
Low • Unreviewed • CVE-2022-29615 was published • Jun 15, 2022
Unsafe deserialization in com.alibaba:fastjson
High • CVE-2022-25845 was published for com.alibaba:fastjson (Maven) • Jun 11, 2022
Unserialized Pop Chain in Laravel
Critical • CVE-2022-31279 was published for laravel/laravel (Composer) • Jun 8, 2022 • withdrawn
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical • CVE-2022-32511 was published for jmespath (RubyGems) • Jun 7, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
High • CVE-2022-25863 was published for gatsby-plugin-mdx (npm) • Jun 3, 2022
The affected products are vulnerable of untrusted data due to deserialization without prior...
Critical • Unreviewed • CVE-2022-1660 was published • Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C...
Critical • Unreviewed • CVE-2022-29875 was published • Jun 2, 2022
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with...
Moderate • Unreviewed • CVE-2021-21488 was published • May 24, 2022
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2...
High • Unreviewed • CVE-2021-24307 was published • May 24, 2022
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to...
High • Unreviewed • CVE-2021-26558 was published • May 24, 2022
Numpy Deserialization of Untrusted Data
Critical • CVE-2019-6446 was published for numpy (pip) • May 24, 2022
Deserialization of Untrusted Data in Apache Tapestry
Critical • CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) • May 24, 2022
Typo3 Vulnerable to Insecure Deserialization
High • CVE-2019-12747 was published for typo3/cms (Composer) • May 24, 2022
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator...
High • Unreviewed • CVE-2019-12868 was published • May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High • Unreviewed • CVE-2021-34992 was published • May 24, 2022
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure...
Critical • Unreviewed • CVE-2021-42237 was published • May 24, 2022
Project files are stored memory objects in the form of binary serialized data that can later be...
High • Unreviewed • CVE-2021-42698 was published • May 24, 2022
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks...
Critical • Unreviewed • CVE-2019-19810 was published • May 24, 2022
Deserialization of Untrusted Data in Spring AMQP
Moderate • CVE-2021-22097 was published for org.springframework.amqp:spring-amqp (Maven) • May 24, 2022
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure...
High • Unreviewed • CVE-2021-35227 was published • May 24, 2022
Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data...
Critical • Unreviewed • CVE-2021-40719 was published • May 24, 2022
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection...
High • Unreviewed • CVE-2021-39321 was published • May 24, 2022
ProTip! Advisories are also available from the GraphQL API.