Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated... High Unreviewed
CVE-2018-19499 was published May 13, 2022
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of... High Unreviewed
CVE-2018-19396 was published May 13, 2022
phpBB Remote Code Execution High
CVE-2018-19274 was published for phpbb/phpbb (Composer) May 13, 2022
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter... Critical Unreviewed
CVE-2018-1000832 was published May 13, 2022
Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE... High Unreviewed
CVE-2018-1000509 was published May 13, 2022
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that... High Unreviewed
CVE-2017-7293 was published May 13, 2022
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized... Critical Unreviewed
CVE-2017-5830 was published May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI Critical
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022
westonsteimel
Credited to westonsteimel
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due... High Unreviewed
CVE-2017-13286 was published May 13, 2022
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0,... High Unreviewed
CVE-2017-10803 was published May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to... High Unreviewed
CVE-2017-1000148 was published May 13, 2022
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product:... High Unreviewed
CVE-2017-0806 was published May 13, 2022
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray... High Unreviewed
CVE-2016-0750 was published May 13, 2022
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x,... High Unreviewed
CVE-2016-8648 was published May 13, 2022
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the... Moderate Unreviewed
CVE-2016-8653 was published May 13, 2022
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the... Critical Unreviewed
CVE-2016-9483 was published May 13, 2022
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe... Critical Unreviewed
CVE-2016-9498 was published May 13, 2022
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX... Moderate Unreviewed
CVE-2016-9585 was published May 13, 2022
RubyGems vulnerable to Deserialization of Untrusted Data Critical
CVE-2017-0903 was published for rubygems-update (RubyGems) May 13, 2022
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3... Critical Unreviewed
CVE-2017-11153 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-17406 was published May 13, 2022
Deserialization of Untrusted Data in Jenkins High
CVE-2017-2608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version... High Unreviewed
CVE-2017-3201 was published May 13, 2022
Deserialization of Untrusted Data in Spring-flex High
CVE-2017-3203 was published for org.springframework.flex:spring-flex (Maven) May 13, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer Critical
CVE-2017-3202 was published for com.exadel.flamingo.flex:amf-serializer (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database