Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Deserialization of Untrusted Data in Apache Tomcat High
CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14061 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
Code Execution through IIFE in node-serialize Critical
CVE-2017-5941 was published for node-serialize (npm) Jul 18, 2018
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5... Critical Unreviewed
CVE-2018-15691 was published May 13, 2022
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote... Critical Unreviewed
CVE-2014-9515 was published May 13, 2022
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11112 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 10, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9546 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14893 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Deserialization of Untrusted Data in Log4j Critical
CVE-2017-5645 was published for org.apache.logging.log4j:log4j (Maven) Jan 6, 2020
An exploitable code execution vulnerability exists in the Levin deserialization functionality of... Critical Unreviewed
CVE-2018-3972 was published May 13, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed
CVE-2022-29363 was published May 13, 2022
Deserialization of Untrusted Data in EthereumJ Critical
CVE-2018-15890 was published for org.ethereum:ethereumj-core (Maven) Jul 26, 2019
Deserialization of Untrusted Data in Apache Storm Critical
CVE-2018-11779 was published for org.apache.storm:storm-kafka (Maven) Aug 1, 2019
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ... High Unreviewed
CVE-2022-1463 was published May 11, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-23592 was published for topthink/framework (Composer) May 7, 2022
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a... Critical Unreviewed
CVE-2020-23620 was published May 4, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed
CVE-2020-23621 was published May 4, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console Critical
CVE-2022-25767 was published for com.bstek.ureport:ureport2-console (Maven) May 3, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of... Critical Unreviewed
CVE-2022-44542 was published Nov 1, 2022
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Critical Unreviewed
CVE-2022-40889 was published Oct 18, 2022
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe... Critical Unreviewed
CVE-2020-26867 was published May 24, 2022
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some... Critical Unreviewed
CVE-2022-2870 was published Aug 18, 2022
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by... Critical Unreviewed
CVE-2022-46478 was published Jan 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database