Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain... Critical Unreviewed
CVE-2016-7124 was published May 14, 2022
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2017-1000355 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x... High Unreviewed
CVE-2016-4385 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3... Critical Unreviewed
CVE-2017-5792 was published May 14, 2022
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent... High Unreviewed
CVE-2017-8967 was published May 14, 2022
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent... High Unreviewed
CVE-2017-8965 was published May 14, 2022
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent... High Unreviewed
CVE-2017-8966 was published May 14, 2022
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent... High Unreviewed
CVE-2017-8962 was published May 14, 2022
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent... High Unreviewed
CVE-2017-8963 was published May 14, 2022
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent... High Unreviewed
CVE-2017-8964 was published May 14, 2022
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3)... Critical Unreviewed
CVE-2017-4947 was published May 14, 2022
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing... High Unreviewed
CVE-2018-1000047 was published May 14, 2022
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval... High Unreviewed
CVE-2018-1000048 was published May 14, 2022
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather... High Unreviewed
CVE-2018-1000045 was published May 14, 2022
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library... High Unreviewed
CVE-2018-1000046 was published May 14, 2022
A remote code execution vulnerability in HPE Operations Orchestration Community edition and... Critical Unreviewed
CVE-2016-8519 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12556 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12558 was published May 14, 2022
Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin High
CVE-2018-1000058 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) May 14, 2022
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center ... Critical Unreviewed
CVE-2017-5790 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java... Critical Unreviewed
CVE-2016-8511 was published May 14, 2022
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Geode unsafe deserialization in TcpServer Critical
CVE-2017-15692 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Deserialization of Untrusted Data in Apache OpenJPA High
CVE-2013-1768 was published for org.apache.openjpa:openjpa (Maven) May 14, 2022
MarkLee131
Credited to MarkLee131
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by... Critical Unreviewed
CVE-2015-2020 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database