Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,006 advisories

Loading
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the... Low Unreviewed
CVE-2022-29615 was published Jun 15, 2022
User account escalation in Apache Hadoop High
CVE-2021-33036 was published for org.apache.hadoop:hadoop-yarn-server-common (Maven) Jun 16, 2022
In the keystore library, there is a possible prevention of access to system Settings due to... Moderate Unreviewed
CVE-2022-20195 was published Jun 16, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) Low
CVE-2022-39379 was published for fluentd (RubyGems) Nov 2, 2022
p-
Credited to p-
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution Moderate
CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) Jan 6, 2023
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
Credited to mir-hossein
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx High
CVE-2022-25863 was published for gatsby-plugin-mdx (npm) Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C... Critical Unreviewed
CVE-2022-29875 was published Jun 2, 2022
The affected products are vulnerable of untrusted data due to deserialization without prior... Critical Unreviewed
CVE-2022-1660 was published Jun 3, 2022
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22097 was published for org.springframework.amqp:spring-amqp (Maven) May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses... High Unreviewed
CVE-2020-25258 was published May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the... High Unreviewed
CVE-2020-4280 was published May 24, 2022
Deserialization of Untrusted Data in Hazelcast High
CVE-2016-10750 was published for com.hazelcast:hazelcast (Maven) May 24, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39147 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ThinkPHP deserialization vulnerability Critical
CVE-2022-38352 was published for topthink/framework (Composer) Sep 16, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39148 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
wh1t3p1g
Credited to wh1t3p1g
Insecure Deserialization in Apache Commons Beanutils High
CVE-2019-10086 was published for commons-beanutils:commons-beanutils (Maven) Jun 15, 2020
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-36964 was published Nov 29, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility... Critical Unreviewed
CVE-2020-28032 was published May 24, 2022
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web... High Unreviewed
CVE-2019-5069 was published May 24, 2022
Deserialization of Untrusted Data in Spring Batch High
CVE-2020-5411 was published for org.springframework.batch:spring-batch-core (Maven) May 24, 2022
Deserialization of Untrusted Data in Spring-flex High
CVE-2017-3203 was published for org.springframework.flex:spring-flex (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database