GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,007 advisories
Apache Linkis subject to Remote Code Execution via deserialization
Severity: High. CVE-2022-39944 was published for org.apache.linkis:linkis (Maven) on Oct 26, 2022.
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an...
Severity: High (Unreviewed). CVE-2022-3380 was published on Oct 31, 2022.
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint...
Severity: High (Unreviewed). CVE-2022-3360 was published on Oct 31, 2022.
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file,...
Severity: High (Unreviewed). CVE-2022-3357 was published on Oct 31, 2022.
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro...
Severity: High (Unreviewed). CVE-2022-3366 was published on Oct 31, 2022.
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which...
Severity: High (Unreviewed). CVE-2022-3374 was published on Oct 31, 2022.
Project files are stored memory objects in the form of binary serialized data that can later be...
Severity: High (Unreviewed). CVE-2021-42698 was published on May 24, 2022.
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks...
Severity: Critical (Unreviewed). CVE-2019-19810 was published on May 24, 2022.
RCE vulnerability in Google Kubernetes Engine Plugin
Severity: High. CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) on May 24, 2022.
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file,...
Severity: High (Unreviewed). CVE-2022-3334 was published on Oct 31, 2022.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Severity: High (Unreviewed). CVE-2021-34992 was published on May 24, 2022.
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code...
Severity: High (Unreviewed). CVE-2022-29936 was published on Apr 30, 2022.
Deserialization of Untrusted Data in logback
Severity: Moderate. CVE-2021-42550 was published for ch.qos.logback:logback-core (Maven) on Dec 17, 2021.
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to...
Severity: High (Unreviewed). CVE-2021-26558 was published on May 24, 2022.
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A...
Severity: High (Unreviewed). CVE-2016-9045 was published on May 13, 2022.
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2...
Severity: High (Unreviewed). CVE-2021-24307 was published on May 24, 2022.
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with...
Severity: Moderate (Unreviewed). CVE-2021-21488 was published on May 24, 2022.
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the...
Severity: Critical (Unreviewed). CVE-2022-3900 was published on Dec 12, 2022.
In telephony, there is a possible permission bypass due to a parcel format mismatch. This could...
Severity: High (Unreviewed). CVE-2022-32601 was published on Nov 9, 2022.
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad)...
Severity: High (Unreviewed). CVE-2022-41203 was published on Nov 9, 2022.
Deserialization of Untrusted Data vulnerability in the message processing component of...
Severity: Critical (Unreviewed). CVE-2022-2830 was published on Sep 6, 2022.
Serialization vulnerability in Apache Tapestry
Severity: Critical. CVE-2020-17531 was published for org.apache.tapestry:tapestry-project (Maven) on Feb 9, 2022.
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Severity: High. CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) on May 24, 2022.
RCE vulnerability in Jenkins Azure Container Service Plugin
Severity: High. CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) on May 24, 2022.
RCE vulnerability in Jenkins DotCi Plugin
Severity: High. CVE-2022-41237 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) on Sep 22, 2022.