Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Critical Unreviewed
CVE-2021-32098 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... High Unreviewed
CVE-2021-25152 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... High Unreviewed
CVE-2021-25151 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can... Critical Unreviewed
CVE-2021-29200 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version Critical Unreviewed
CVE-2021-30128 was published May 24, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module High
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022
jasnow
Credited to jasnow
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2021-27277 was published May 24, 2022
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a... Critical Unreviewed
CVE-2021-3287 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3035 was published May 24, 2022
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database... High Unreviewed
CVE-2021-29654 was published May 24, 2022
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted... Critical Unreviewed
CVE-2021-21524 was published May 24, 2022
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user... High Unreviewed
CVE-2021-24217 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1415 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1413 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1414 was published May 24, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2021-27240 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use... Critical Unreviewed
CVE-2021-26295 was published May 24, 2022
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute... Critical Unreviewed
CVE-2020-29045 was published May 24, 2022
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute... Critical Unreviewed
CVE-2020-29047 was published May 24, 2022
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a... High Unreviewed
CVE-2021-20076 was published May 24, 2022
Microsoft SharePoint Remote Code Execution Vulnerability High Unreviewed
CVE-2021-24066 was published May 24, 2022
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code... Critical Unreviewed
CVE-2021-27335 was published May 24, 2022
The specific function of HR Portal of Soar Cloud System accepts any type of object to be... Critical Unreviewed
CVE-2021-22855 was published May 24, 2022
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because... Critical Unreviewed
CVE-2021-27213 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database