Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation... High Unreviewed
CVE-2021-21869 was published May 24, 2022
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows... High Unreviewed
CVE-2021-36231 was published May 24, 2022
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform... High Unreviewed
CVE-2021-35215 was published May 24, 2022
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml... Critical Unreviewed
CVE-2021-34066 was published May 24, 2022
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user... High Unreviewed
CVE-2021-24579 was published May 24, 2022
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in... High Unreviewed
CVE-2021-35216 was published May 24, 2022
mrdoc is vulnerable to Deserialization of Untrusted Data High Unreviewed
CVE-2021-32568 was published May 24, 2022
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code... High Unreviewed
CVE-2021-35218 was published May 24, 2022
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in... High Unreviewed
CVE-2021-35217 was published May 24, 2022
ZStack is open source IaaS(infrastructure as a service) software. In ZStack before versions 3.10... High Unreviewed
CVE-2021-32836 was published May 24, 2022
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All... Critical Unreviewed
CVE-2021-37181 was published May 24, 2022
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute... Critical Unreviewed
CVE-2021-39392 was published May 24, 2022
In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization... High Unreviewed
CVE-2021-0685 was published May 24, 2022
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary... High Unreviewed
CVE-2021-41588 was published May 24, 2022
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR... Critical Unreviewed
CVE-2021-40102 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code... Critical Unreviewed
CVE-2021-42090 was published May 24, 2022
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in... High Unreviewed
CVE-2021-40843 was published May 24, 2022
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected... High Unreviewed
CVE-2021-33728 was published May 24, 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX... Critical Unreviewed
CVE-2022-24082 was published Jul 20, 2022
MySQL JDBC deserialization vulnerability Critical
CVE-2022-39312 was published for io.dataease:dataease-plugin-common (Maven) Oct 18, 2022
aboutbo
Credited to aboutbo
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure... High Unreviewed
CVE-2021-35227 was published May 24, 2022
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection... High Unreviewed
CVE-2021-39321 was published May 24, 2022
Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data... Critical Unreviewed
CVE-2021-40719 was published May 24, 2022
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of... High Unreviewed
CVE-2022-3335 was published Oct 25, 2022
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An... High Unreviewed
CVE-2022-40238 was published Oct 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database