GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,007 advisories
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that...
Critical | Unreviewed | CVE-2017-18365 was published May 14, 2022

An attacker may convince a victim to open a malicious action micro (.actm) file that has...
High | Unreviewed | CVE-2019-7361 was published May 14, 2022

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote...
Critical | Unreviewed | CVE-2016-6793 was published May 14, 2022

Active Record RCE bug with Serialized Columns
Critical | CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
Critical | Unreviewed | CVE-2022-44371 was published Dec 7, 2022

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin...
Critical | Unreviewed | CVE-2022-44351 was published Dec 7, 2022

Apache Camel camel-hessian component vulnerable to Java object deserialization
Critical | CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to...
Critical | Unreviewed | CVE-2016-3957 was published May 14, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2018-3245 was published May 13, 2022

In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could...
High | Unreviewed | CVE-2022-26472 was published Oct 8, 2022

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated...
High | Unreviewed | CVE-2018-19499 was published May 13, 2022

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of...
High | Unreviewed | CVE-2018-19396 was published May 13, 2022

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services...
Critical | Unreviewed | CVE-2022-31680 was published Oct 8, 2022

In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This...
High | Unreviewed | CVE-2022-26471 was published Oct 8, 2022

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE...
High | Unreviewed | CVE-2018-1000509 was published May 13, 2022

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter...
Critical | Unreviewed | CVE-2018-1000832 was published May 13, 2022

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it...
High | Unreviewed | CVE-2022-4237 was published Jan 3, 2023

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported...
High | Unreviewed | CVE-2022-4324 was published Jan 3, 2023

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings...
High | Unreviewed | CVE-2022-4302 was published Jan 3, 2023

In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due...
High | Unreviewed | CVE-2017-13286 was published May 13, 2022

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0,...
High | Unreviewed | CVE-2017-10803 was published May 13, 2022

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
High | Unreviewed | CVE-2017-1000148 was published May 13, 2022

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product:...
High | Unreviewed | CVE-2017-0806 was published May 13, 2022

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x,...
High | Unreviewed | CVE-2016-8648 was published May 13, 2022

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the...
Moderate | Unreviewed | CVE-2016-8653 was published May 13, 2022