GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,006 advisories

Project files are stored memory objects in the form of binary serialized data that can later be...
High | Unreviewed | CVE-2021-42698 was published May 24, 2022

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint...
High | Unreviewed | CVE-2022-3360 was published Oct 31, 2022

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file,...
High | Unreviewed | CVE-2022-3357 was published Oct 31, 2022

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro...
High | Unreviewed | CVE-2022-3366 was published Oct 31, 2022

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an...
High | Unreviewed | CVE-2022-3380 was published Oct 31, 2022

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An...
High | Unreviewed | CVE-2022-40238 was published Oct 26, 2022

Apache Linkis subject to Remote Code Execution via deserialization
High | CVE-2022-39944 was published for org.apache.linkis:linkis (Maven) Oct 26, 2022

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of...
High | Unreviewed | CVE-2022-3335 was published Oct 25, 2022

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure...
High | Unreviewed | CVE-2021-35227 was published May 24, 2022

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection...
High | Unreviewed | CVE-2021-39321 was published May 24, 2022

Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data...
Critical | Unreviewed | CVE-2021-40719 was published May 24, 2022

MySQL JDBC deserialization vulnerability
Critical | CVE-2022-39312 was published for io.dataease:dataease-plugin-common (Maven) Oct 18, 2022

If an on-premise installation of the Pega Platform is configured with the port for the JMX...
Critical | Unreviewed | CVE-2022-24082 was published Jul 20, 2022

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected...
High | Unreviewed | CVE-2021-33728 was published May 24, 2022

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in...
High | Unreviewed | CVE-2021-40843 was published May 24, 2022

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code...
Critical | Unreviewed | CVE-2021-42090 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR...
Critical | Unreviewed | CVE-2021-40102 was published May 24, 2022

In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization...
High | Unreviewed | CVE-2021-0685 was published May 24, 2022

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary...
High | Unreviewed | CVE-2021-41588 was published May 24, 2022

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All...
Critical | Unreviewed | CVE-2021-37181 was published May 24, 2022

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute...
Critical | Unreviewed | CVE-2021-39392 was published May 24, 2022

ZStack is open source IaaS (infrastructure as a service) software. In ZStack before versions 3.10...
High | Unreviewed | CVE-2021-32836 was published May 24, 2022

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in...
High | Unreviewed | CVE-2021-35217 was published May 24, 2022

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code...
High | Unreviewed | CVE-2021-35218 was published May 24, 2022

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in...
High | Unreviewed | CVE-2021-35216 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.