Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was... Critical Unreviewed
CVE-2017-12149 was published May 14, 2022
OISF suricata-update unsafely deserializes YAML data High
CVE-2018-1000167 was published for suricata-update (pip) May 14, 2022
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the... High Unreviewed
CVE-2017-2295 was published May 14, 2022
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+,... High Unreviewed
CVE-2018-7891 was published May 14, 2022
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8... High Unreviewed
CVE-2018-10654 was published May 14, 2022
Apache NiFi JMS Deserialization issue High
CVE-2018-1310 was published for org.apache.nifi:nifi (Maven) May 14, 2022
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,... High Unreviewed
CVE-2017-1677 was published May 14, 2022
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function... Critical Unreviewed
CVE-2016-6620 was published May 14, 2022
Django Tastypie Improper Deserialization of YAML Data Critical
CVE-2011-4104 was published for django-tastypie (pip) May 14, 2022
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to... High Unreviewed
CVE-2018-8349 was published May 14, 2022
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in... Critical Unreviewed
CVE-2017-10934 was published May 14, 2022
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi... High Unreviewed
CVE-2016-4398 was published May 14, 2022
A remote code execution vulnerability was identified in HP Business Service Management (BSM)... High Unreviewed
CVE-2016-4405 was published May 14, 2022
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data Moderate
CVE-2011-2894 was published for org.springframework.security:spring-security-core (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via... Critical Unreviewed
CVE-2014-8731 was published May 14, 2022
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote... Critical Unreviewed
CVE-2016-0779 was published May 14, 2022
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute... High Unreviewed
CVE-2018-14878 was published May 14, 2022
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data,... High Unreviewed
CVE-2018-7889 was published May 14, 2022
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security... High Unreviewed
CVE-2018-10513 was published May 14, 2022
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the... High Unreviewed
CVE-2018-15503 was published May 14, 2022
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce... High Unreviewed
CVE-2018-15514 was published May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly... Critical Unreviewed
CVE-2017-9844 was published May 14, 2022
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied... High Unreviewed
CVE-2018-18987 was published May 14, 2022
** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its... High Unreviewed
CVE-2018-18013 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database