Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. Critical Unreviewed
CVE-2018-20984 was published May 24, 2022
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6... Critical Unreviewed
CVE-2019-0344 was published May 24, 2022
Akamai CloudTest before 58.30 allows remote code execution. Critical Unreviewed
CVE-2019-11011 was published May 24, 2022
In Godot through 3.1, remote code execution is possible due to the deserialization policy not... Critical Unreviewed
CVE-2019-10069 was published May 24, 2022
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in... Critical Unreviewed
CVE-2019-9874 was published May 24, 2022
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in... Critical Unreviewed
CVE-2019-6980 was published May 24, 2022
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or... Critical Unreviewed
CVE-2019-12240 was published May 24, 2022
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source... Critical Unreviewed
CVE-2019-12241 was published May 24, 2022
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2019-4279 was published May 24, 2022
PharStreamWrapper for Typo3 unsafe deserialization vulnerability Critical
CVE-2019-11830 was published for typo3/phar-stream-wrapper (Composer) May 24, 2022
An attacker could send a specifically crafted payload to the XML-RPC invocation script and... Critical Unreviewed
CVE-2019-5434 was published May 24, 2022
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An... Critical Unreviewed
CVE-2019-7214 was published May 24, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed
CVE-2021-32935 was published May 24, 2022
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a... Critical Unreviewed
CVE-2022-24108 was published May 18, 2022
eDeploy has RCE via cPickle deserialization of untrusted data Critical Unreviewed
CVE-2014-3699 was published May 17, 2022
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured... Critical Unreviewed
CVE-2016-6330 was published May 17, 2022
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2016-6199 was published May 17, 2022
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML... Critical Unreviewed
CVE-2017-5983 was published May 17, 2022
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to... Critical Unreviewed
CVE-2017-9363 was published May 17, 2022
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux... Critical Unreviewed
CVE-2016-7050 was published May 17, 2022
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary... Critical Unreviewed
CVE-2016-3690 was published May 17, 2022
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2017-9424 was published May 17, 2022
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi... Critical Unreviewed
CVE-2017-9830 was published May 17, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize... Critical Unreviewed
CVE-2016-0360 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database