GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
827 advisories
Ops CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2021-40720 was published for ops-cli (pip) May 24, 2022
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code...
Critical
Unreviewed
CVE-2021-42090 was published May 24, 2022
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR...
Critical
Unreviewed
CVE-2021-40102 was published May 24, 2022
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute...
Critical
Unreviewed
CVE-2021-39392 was published May 24, 2022
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All...
Critical
Unreviewed
CVE-2021-37181 was published May 24, 2022
A conference management system of ZTE is impacted by a command execution vulnerability. Since the...
Critical
Unreviewed
CVE-2021-21741 was published May 24, 2022
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml...
Critical
Unreviewed
CVE-2021-34066 was published May 24, 2022
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
Critical
Unreviewed
CVE-2021-37544 was published May 24, 2022
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure...
Critical
Unreviewed
CVE-2021-36483 was published May 24, 2022
IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the...
Critical
Unreviewed
CVE-2021-29781 was published May 24, 2022
Deserialization of Untrusted Data Vulnerability
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7...
Critical
Unreviewed
CVE-2020-5341 was published May 24, 2022
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in...
Critical
Unreviewed
CVE-2021-35464 was published May 24, 2022
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for...
Critical
Unreviewed
CVE-2021-24384 was published May 24, 2022
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507...
Critical
Unreviewed
CVE-2021-35971 was published May 24, 2022
JFinal Java Deserialization Vulnerability
Critical
CVE-2021-31649 was published for com.jfinal:jfinal (Maven) May 24, 2022
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to...
Critical
Unreviewed
CVE-2020-9493 was published May 24, 2022
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it...
Critical
Unreviewed
CVE-2021-33806 was published May 24, 2022
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8...
Critical
Unreviewed
CVE-2021-23894 was published May 24, 2022
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an...
Critical
Unreviewed
CVE-2021-27852 was published May 24, 2022
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
Critical
Unreviewed
CVE-2021-32075 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical
Unreviewed
CVE-2021-31474 was published May 24, 2022
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Critical
Unreviewed
CVE-2021-32098 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can...
Critical
Unreviewed
CVE-2021-29200 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
Critical
Unreviewed
CVE-2021-30128 was published May 24, 2022
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a...
Critical
Unreviewed
CVE-2021-3287 was published May 24, 2022