Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via... Critical Unreviewed
CVE-2016-3415 was published May 13, 2022
A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to... High Unreviewed
CVE-2022-24282 was published Mar 9, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class... High Unreviewed
CVE-2019-9056 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files... High Unreviewed
CVE-2019-9055 was published May 13, 2022
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows... High Unreviewed
CVE-2021-42130 was published Dec 8, 2021
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44680 was published Dec 7, 2021
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization... High Unreviewed
CVE-2021-0970 was published Dec 16, 2021
The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize... Critical Unreviewed
CVE-2021-24857 was published Dec 14, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44682 was published Dec 7, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using... Critical Unreviewed
CVE-2021-42127 was published Dec 8, 2021
Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery... Critical Unreviewed
CVE-2021-37298 was published Dec 7, 2021
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44681 was published Dec 7, 2021
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36567 was published for topthink/framework (Composer) Dec 7, 2021
jhutchings1
Credited to jhutchings1
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object... High Unreviewed
CVE-2021-43360 was published Dec 2, 2021
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a... High Unreviewed
CVE-2022-2465 was published Aug 26, 2022
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44679 was published Dec 7, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44677 was published Dec 7, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44678 was published Dec 7, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils Critical
CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) Oct 4, 2021
Security check skip in Apache Dubbo Critical
CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm Critical
CVE-2021-40865 was published for org.apache.storm:storm (Maven) Oct 27, 2021
Hessian protocol configuration vulnerability in Apache Dubbo Critical
CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Deserialization of Untrusted Data in Neo4j Critical
CVE-2021-34371 was published for org.neo4j:neo4j (Maven) Sep 1, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter High
CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) Sep 20, 2021 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database