Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security... Critical Unreviewed
CVE-2020-27131 was published May 24, 2022
Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote... Critical Unreviewed
CVE-2020-5664 was published May 24, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility... Critical Unreviewed
CVE-2020-28032 was published May 24, 2022
A accessmgrservlet classname deserialization of untrusted data remote code execution... Critical Unreviewed
CVE-2020-24648 was published May 24, 2022
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe... Critical Unreviewed
CVE-2020-26867 was published May 24, 2022
scikit-learn Deserialization of Untrusted Data Critical
CVE-2020-13092 was published for scikit-learn (pip) May 24, 2022
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the... Critical Unreviewed
CVE-2020-6967 was published May 24, 2022
Deserialization of Untrusted Data in Liferay Portal Critical
CVE-2020-7961 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) May 24, 2022
amuravski liefke
Credited to amuravski and liefke
Deserialization of Untrusted Data in JYaml Critical
CVE-2020-8441 was published for org.jyaml:jyaml (Maven) May 24, 2022
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods Critical
CVE-2016-1000027 was published for org.springframework:spring-web (Maven) May 24, 2022
bclozel
Credited to bclozel
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker... Critical Unreviewed
CVE-2019-18316 was published May 24, 2022
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of... Critical Unreviewed
CVE-2019-18580 was published May 24, 2022
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow... Critical Unreviewed
CVE-2019-18364 was published May 24, 2022
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON... Critical Unreviewed
CVE-2019-12017 was published May 24, 2022
Mulesoft Mule Unsafe Deserialization Critical
CVE-2019-13116 was published for org.mule.runtime:mule (Maven) May 24, 2022
Liferay Portal Allows RCE via Deserialization of a JSON Payload Critical
CVE-2019-16891 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow... Critical Unreviewed
CVE-2019-12630 was published May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component... Critical Unreviewed
CVE-2019-16755 was published May 24, 2022
download.php in inoERP 4.15 allows SQL injection through insecure deserialization. Critical Unreviewed
CVE-2019-16894 was published May 24, 2022
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is... Critical Unreviewed
CVE-2019-0189 was published May 24, 2022
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. Critical Unreviewed
CVE-2019-15780 was published May 24, 2022
Spoon Library as used in Fork CMS allows PHP object injection Critical
CVE-2019-15521 was published for spoon/library (Composer) May 24, 2022
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. Critical Unreviewed
CVE-2018-20987 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database