Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed
CVE-2017-11284 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15965 was published May 13, 2022
Deserialization exploitation in Apache Dubbo Critical
CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) Feb 9, 2022
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Deserialization of Untrusted Data in NukeViet Critical
CVE-2019-7725 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed
CVE-2017-11283 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15957 was published May 13, 2022
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote... Critical Unreviewed
CVE-2016-1114 was published May 13, 2022
Unsafe Deserialization that can Result in Code Execution High
CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven) Dec 10, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) Moderate
CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21350 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights Moderate
CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
Credited to wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21351 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
Credited to wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21344 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21347 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15958 was published May 13, 2022
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
Credited to convenient
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2018-15425 was published May 13, 2022
Deserialization of Untrusted Data in Apache Tapestry Critical
CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) May 24, 2022
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows... High Unreviewed
CVE-2018-16364 was published May 13, 2022
Code execution in Spring Integration Critical
CVE-2020-5413 was published for org.springframework.integration:spring-integration-core (Maven) Aug 5, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database