Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
Apache Geode vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-37021 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
raboof
Credited to raboof
NVFLARE unsafe deserialization due to Pickle Critical
CVE-2022-34668 was published for nvflare (pip) Aug 31, 2022
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1... Critical Unreviewed
CVE-2022-29805 was published Aug 20, 2022
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some... Critical Unreviewed
CVE-2022-2870 was published Aug 18, 2022
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation... Critical Unreviewed
CVE-2022-35223 was published Aug 3, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... Critical Unreviewed
CVE-2022-33318 was published Jul 21, 2022
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to... Critical Unreviewed
CVE-2022-35405 was published Jul 20, 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX... Critical Unreviewed
CVE-2022-24082 was published Jul 20, 2022
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. Critical Unreviewed
CVE-2021-41419 was published Jul 19, 2022
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2022-2437 was published Jul 19, 2022
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because... Critical Unreviewed
CVE-2022-35857 was published Jul 14, 2022
Active Record RCE bug with Serialized Columns Critical
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2022-33107 was published for topthink/framework (Composer) Jun 30, 2022
Unsafe yaml deserialization in NVFlare Critical
CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022
Unsafe deserialisation in the PKI implementation scheme of NVFlare Critical
CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
Credited to mir-hossein
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
Credited to plygrnd and tdunlap607
The affected products are vulnerable of untrusted data due to deserialization without prior... Critical Unreviewed
CVE-2022-1660 was published Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C... Critical Unreviewed
CVE-2022-29875 was published Jun 2, 2022
Numpy Deserialization of Untrusted Data Critical
CVE-2019-6446 was published for numpy (pip) May 24, 2022
Deserialization of Untrusted Data in Apache Tapestry Critical
CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) May 24, 2022
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure... Critical Unreviewed
CVE-2021-42237 was published May 24, 2022
Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks... Critical Unreviewed
CVE-2019-19810 was published May 24, 2022
Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data... Critical Unreviewed
CVE-2021-40719 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database