Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2017-9424 was published May 17, 2022
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi... Critical Unreviewed
CVE-2017-9830 was published May 17, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize... Critical Unreviewed
CVE-2016-0360 was published May 17, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization... Critical Unreviewed
CVE-2017-4914 was published May 17, 2022
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely... Moderate Unreviewed
CVE-2011-2520 was published May 17, 2022
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary... High Unreviewed
CVE-2012-0911 was published May 17, 2022
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects Moderate
CVE-2012-3527 was published for typo3/cms (Composer) May 17, 2022
OpenStack Object Storage (swift) Code Injection vulnerability Critical
CVE-2012-4406 was published for swift (pip) May 17, 2022
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows... High Unreviewed
CVE-2013-1465 was published May 17, 2022
CrushFTP 8.x before 8.2.0 has a serialization vulnerability. Critical Unreviewed
CVE-2017-14035 was published May 17, 2022
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load,... Critical Unreviewed
CVE-2017-2292 was published May 17, 2022
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
Deserialization of Untrusted Data in Apache Brooklyn High
CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A,... Critical Unreviewed
CVE-2017-10932 was published May 17, 2022
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows... High Unreviewed
CVE-2015-5164 was published May 17, 2022
Apache James Privilege Escalation High
CVE-2017-12628 was published for org.apache.james:james-project (Maven) May 17, 2022
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference... Critical Unreviewed
CVE-2017-12796 was published May 17, 2022
Deserialization of Untrusted Data in Spring AMQP Critical
CVE-2017-8045 was published for org.springframework.amqp:spring-amqp (Maven) May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code... Critical Unreviewed
CVE-2022-30779 was published May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code... Critical Unreviewed
CVE-2022-30778 was published May 17, 2022
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of... High Unreviewed
CVE-2022-0573 was published May 17, 2022
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads... Critical Unreviewed
CVE-2017-17672 was published May 14, 2022
Jenkins allows Execution of Code by Opening a JRMP Listener Critical
CVE-2016-0788 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows Deserialization of Untrusted Data via an XML File High
CVE-2016-0792 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database