GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
2,001 advisories
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30,...
High | Unreviewed | CVE-2019-11666 was published May 24, 2022

Pimcore RCE via PHAR upload
High | CVE-2019-16317 was published for pimcore/pimcore (Composer) May 24, 2022

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is...
Critical | Unreviewed | CVE-2019-0189 was published May 24, 2022

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via...
High | Unreviewed | CVE-2017-18604 was published May 24, 2022

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web...
High | Unreviewed | CVE-2019-5069 was published May 24, 2022

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
Critical | Unreviewed | CVE-2019-15780 was published May 24, 2022

Spoon Library as used in Fork CMS allows PHP object injection
Critical | CVE-2019-15521 was published for spoon/library (Composer) May 24, 2022

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
Critical | Unreviewed | CVE-2018-20987 was published May 24, 2022

The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.
Critical | Unreviewed | CVE-2018-20984 was published May 24, 2022

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6...
Critical | Unreviewed | CVE-2019-0344 was published May 24, 2022

A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1...
High | Unreviewed | CVE-2019-10135 was published May 24, 2022

Akamai CloudTest before 58.30 allows remote code execution.
Critical | Unreviewed | CVE-2019-11011 was published May 24, 2022

Shopware Insecure Deserialization Vulnerability
High | CVE-2019-12799 was published for shopware/shopware (Composer) May 24, 2022

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and...
Moderate | Unreviewed | CVE-2019-0305 was published May 24, 2022

Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via...
High | Unreviewed | CVE-2019-11080 was published May 24, 2022

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC)...
High | Unreviewed | CVE-2019-5350 was published May 24, 2022

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC)...
High | Unreviewed | CVE-2019-11950 was published May 24, 2022

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC)...
High | Unreviewed | CVE-2019-11956 was published May 24, 2022

In Godot through 3.1, remote code execution is possible due to the deserialization policy not...
Critical | Unreviewed | CVE-2019-10069 was published May 24, 2022

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in...
Critical | Unreviewed | CVE-2019-9874 was published May 24, 2022

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an...
High | Unreviewed | CVE-2019-9875 was published May 24, 2022

Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in...
Critical | Unreviewed | CVE-2019-6980 was published May 24, 2022

Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
High | Unreviewed | CVE-2017-18375 was published May 24, 2022

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php...
High | Unreviewed | CVE-2016-10753 was published May 24, 2022

Deserialization of Untrusted Data in Hazelcast
High | CVE-2016-10750 was published for com.hazelcast:hazelcast (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API.