Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,371 advisories

Loading
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach... High Unreviewed
CVE-2018-12539 was published May 13, 2022
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated,... Critical Unreviewed
CVE-2018-15381 was published May 13, 2022
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote,... Critical Unreviewed
CVE-2018-15616 was published May 13, 2022
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows... Critical Unreviewed
CVE-2018-19276 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute... Critical Unreviewed
CVE-2018-1567 was published May 13, 2022
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute... Critical Unreviewed
CVE-2018-1851 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute... Critical Unreviewed
CVE-2018-1904 was published May 13, 2022
Buck parser-cache command loads/saves state using Java serialized object. If the state... Critical Unreviewed
CVE-2018-6331 was published May 13, 2022
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017... High Unreviewed
CVE-2018-7529 was published May 13, 2022
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0... High Unreviewed
CVE-2017-14141 was published May 13, 2022
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10... Critical Unreviewed
CVE-2019-10068 was published May 13, 2022
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via... Critical Unreviewed
CVE-2016-3415 was published May 13, 2022
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com... Critical Unreviewed
CVE-2017-14702 was published May 13, 2022
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS... High Unreviewed
CVE-2010-4574 was published May 13, 2022
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting... High Unreviewed
CVE-2017-1000195 was published May 13, 2022
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize... High Unreviewed
CVE-2010-3258 was published May 13, 2022
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it... Critical Unreviewed
CVE-2017-5878 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files... High Unreviewed
CVE-2019-9055 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to... High Unreviewed
CVE-2019-9057 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action... High Unreviewed
CVE-2019-9061 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class... High Unreviewed
CVE-2019-9056 was published May 13, 2022
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed... Critical Unreviewed
CVE-2018-20718 was published May 13, 2022
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus'... High Unreviewed
CVE-2018-18589 was published May 13, 2022
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize... High Unreviewed
CVE-2018-15576 was published May 13, 2022
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call... Critical Unreviewed
CVE-2018-10085 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database