Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or... Critical Unreviewed
CVE-2019-12240 was published May 24, 2022
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source... Critical Unreviewed
CVE-2019-12241 was published May 24, 2022
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2019-4279 was published May 24, 2022
A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could... High Unreviewed
CVE-2019-10924 was published May 24, 2022
PharStreamWrapper for Typo3 unsafe deserialization vulnerability Critical
CVE-2019-11830 was published for typo3/phar-stream-wrapper (Composer) May 24, 2022
An attacker could send a specifically crafted payload to the XML-RPC invocation script and... Critical Unreviewed
CVE-2019-5434 was published May 24, 2022
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An... Critical Unreviewed
CVE-2019-7214 was published May 24, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed
CVE-2021-32935 was published May 24, 2022
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
n-bes
Credited to fourdim, thediveo, and n-bes
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a... Critical Unreviewed
CVE-2022-24108 was published May 18, 2022
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and... High Unreviewed
CVE-2022-1118 was published May 18, 2022
eDeploy has RCE via cPickle deserialization of untrusted data Critical Unreviewed
CVE-2014-3699 was published May 17, 2022
Typo3 Extbase Framework Unsafe Deserialization Moderate
CVE-2012-1605 was published for typo3/cms (Composer) May 17, 2022
Silverstripe CMS Arbitrary Code Execution Moderate
CVE-2011-4962 was published for silverstripe/cms (Composer) May 17, 2022
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component Moderate
CVE-2013-7075 was published for typo3/cms (Composer) May 17, 2022
Deserialization of Untrusted Data in Apache Tomcat High
CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Restlet Arbitrary Java Code Execution via a serialized object High
CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote... High Unreviewed
CVE-2016-7065 was published May 17, 2022
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured... Critical Unreviewed
CVE-2016-6330 was published May 17, 2022
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2016-6199 was published May 17, 2022
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML... Critical Unreviewed
CVE-2017-5983 was published May 17, 2022
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code... High Unreviewed
CVE-2017-8829 was published May 17, 2022
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to... Critical Unreviewed
CVE-2017-9363 was published May 17, 2022
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux... Critical Unreviewed
CVE-2016-7050 was published May 17, 2022
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary... Critical Unreviewed
CVE-2016-3690 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database