Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote... Critical Unreviewed
CVE-2021-45899 was published Jan 29, 2022
Insecure Java Deserialization in Apache Karaf High
CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Jan 28, 2022
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Credited to SebGondron
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Credited to frant-hartm
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
zbazztian SebGondron
Credited to zbazztian and SebGondron
Deserialization of Untrusted Data in Dubbo Critical
CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) Jan 12, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data High
CVE-2021-4118 was published for pytorch-lightning (pip) Jan 6, 2022
akihironitta
Credited to akihironitta
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
Deserialization of Untrusted Data in Codeigniter4 High
CVE-2022-21647 was published for codeigniter4/framework (Composer) Jan 6, 2022
Deserialization of Untrusted Data in rust-cpuid Critical
CVE-2021-45687 was published for raw-cpuid (Rust) Jan 6, 2022
richardfan0606
Credited to richardfan0606
Deserialization of Untrusted Data in Apache Heron High
CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) Jan 6, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 ashmind
Credited to jsk95 and ashmind
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Credited to LoboMetalurgico and PleaseInsertNameHere
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A... High Unreviewed
CVE-2021-20318 was published Dec 24, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows... Critical Unreviewed
CVE-2021-44029 was published Dec 23, 2021
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could... Critical Unreviewed
CVE-2021-36336 was published Dec 22, 2021
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data High
GHSA-3w6p-8f82-gw8r was published for ru.yandex.clickhouse:clickhouse-jdbc-bridge (Maven) Dec 17, 2021
Deserialization of Untrusted Data in logback Moderate
CVE-2021-42550 was published for ch.qos.logback:logback-core (Maven) Dec 17, 2021
MikeMoore63
Credited to MikeMoore63
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 16, 2021
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization... High Unreviewed
CVE-2021-0928 was published Dec 16, 2021
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization... High Unreviewed
CVE-2021-0970 was published Dec 16, 2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data High
CVE-2021-4104 was published for log4j:log4j (Maven) Dec 14, 2021
SebGondron
Credited to SebGondron
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
ppkarwasz
Credited to mrjonstrong, afdesk, and ppkarwasz
The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize... Critical Unreviewed
CVE-2021-24857 was published Dec 14, 2021
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36564 was published for topthink/framework (Composer) Dec 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database