Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

630 advisories

Loading
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console Critical
CVE-2022-25767 was published for com.bstek.ureport:ureport2-console (Maven) May 3, 2022
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
Py2Play Unpickles Untrusted Objects High
CVE-2005-2875 was published for Py2Play (pip) May 1, 2022
Arbitrary Code Execution in Cookie Serialization High
CVE-2017-1000053 was published for plug (Erlang) Apr 12, 2022
Remote Code Execution in Laravel Critical
CVE-2021-43503 was published for laravel/laravel (Composer) Apr 9, 2022 withdrawn
mir-hossein
Credited to mir-hossein
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2021-30179 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Deserializer tampering in Apache Dubbo Critical
CVE-2021-25641 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Deserialization of Untrusted Data in SinGooCMS.Utility Critical
CVE-2022-0749 was published for SinGooCMS.Utility (NuGet) Mar 18, 2022
Deserialization of untrusted data in Apache Cayenne High
CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) Feb 12, 2022
Deserialization of Untrusted Data in Magnolia CMS High
CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Deserialization of Untrusted Data in bson Moderate
CVE-2019-2391 was published for bson (npm) Feb 10, 2022
Deserialization of Untrusted Data in Jodd Critical
CVE-2018-21234 was published for org.jodd:jodd-json (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) Feb 10, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
DoS vulnerability in bundled XStream library in Jenkins Core Moderate
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 10, 2022
NotMyFault
Credited to NotMyFault
Serialization vulnerability in Apache Tapestry Critical
CVE-2020-17531 was published for org.apache.tapestry:tapestry-project (Maven) Feb 9, 2022
Remote code execution in DolphinScheduler Critical
CVE-2020-11974 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 9, 2022
Deserialization exploitation in Apache Dubbo Critical
CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) Feb 9, 2022
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
Credited to r00t4dm
Insecure Java Deserialization in Apache Karaf High
CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Jan 28, 2022
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Credited to SebGondron
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Credited to frant-hartm
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
zbazztian SebGondron
Credited to zbazztian and SebGondron
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database