Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

832 advisories

Loading
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin... Critical Unreviewed
CVE-2022-44351 was published Dec 7, 2022
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). Critical Unreviewed
CVE-2022-44371 was published Dec 7, 2022
Apache Tapestry allows deserialization of untrusted data Critical
CVE-2022-46366 was published for org.apache.tapestry:tapestry-core (Maven) Dec 2, 2022
Unsafe deserialization in Apache MINA SSHD Critical
CVE-2022-45047 was published for org.apache.sshd:sshd-common (Maven) Nov 16, 2022
pavelarnost
Credited to pavelarnost
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Apache Jena vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-45136 was published for org.apache.jena:jena-sdb (Maven) Nov 14, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability... Critical Unreviewed
CVE-2022-38650 was published Nov 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare... Critical Unreviewed
CVE-2022-38652 was published Nov 12, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed
CVE-2022-44558 was published Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed
CVE-2022-44559 was published Nov 10, 2022
The system framework layer has a vulnerability of serialization/deserialization mismatch.... Critical Unreviewed
CVE-2022-44562 was published Nov 10, 2022
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording... Critical Unreviewed
CVE-2022-31199 was published Nov 8, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied... Critical Unreviewed
CVE-2022-38142 was published Nov 1, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network... Critical Unreviewed
CVE-2022-41779 was published Nov 1, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of... Critical Unreviewed
CVE-2022-44542 was published Nov 1, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Credited to westonsteimel
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-43019 was published Oct 19, 2022
Hessian Lite for Apache Dubbo deserialization vulnerability Critical
CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) Oct 19, 2022
MySQL JDBC deserialization vulnerability Critical
CVE-2022-39312 was published for io.dataease:dataease-plugin-common (Maven) Oct 18, 2022
aboutbo
Credited to aboutbo
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Critical Unreviewed
CVE-2022-40889 was published Oct 18, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). Critical Unreviewed
CVE-2018-18446 was published Oct 13, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). Critical Unreviewed
CVE-2018-18447 was published Oct 13, 2022
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services... Critical Unreviewed
CVE-2022-31680 was published Oct 8, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data Critical
CVE-2018-17057 was published for fooman/tcpdf (Composer) Oct 6, 2022
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. Critical
CVE-2022-39256 was published for CompositeC1.Core (NuGet) Sep 30, 2022
tdunlap607
Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database