Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization... Critical Unreviewed
CVE-2017-4914 was published May 17, 2022
OpenStack Object Storage (swift) Code Injection vulnerability Critical
CVE-2012-4406 was published for swift (pip) May 17, 2022
CrushFTP 8.x before 8.2.0 has a serialization vulnerability. Critical Unreviewed
CVE-2017-14035 was published May 17, 2022
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load,... Critical Unreviewed
CVE-2017-2292 was published May 17, 2022
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A,... Critical Unreviewed
CVE-2017-10932 was published May 17, 2022
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference... Critical Unreviewed
CVE-2017-12796 was published May 17, 2022
Deserialization of Untrusted Data in Spring AMQP Critical
CVE-2017-8045 was published for org.springframework.amqp:spring-amqp (Maven) May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code... Critical Unreviewed
CVE-2022-30779 was published May 17, 2022
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code... Critical Unreviewed
CVE-2022-30778 was published May 17, 2022
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads... Critical Unreviewed
CVE-2017-17672 was published May 14, 2022
Jenkins allows Execution of Code by Opening a JRMP Listener Critical
CVE-2016-0788 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain... Critical Unreviewed
CVE-2016-7124 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3... Critical Unreviewed
CVE-2017-5792 was published May 14, 2022
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3)... Critical Unreviewed
CVE-2017-4947 was published May 14, 2022
A remote code execution vulnerability in HPE Operations Orchestration Community edition and... Critical Unreviewed
CVE-2016-8519 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12556 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12558 was published May 14, 2022
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center ... Critical Unreviewed
CVE-2017-5790 was published May 14, 2022
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java... Critical Unreviewed
CVE-2016-8511 was published May 14, 2022
Apache Geode unsafe deserialization in TcpServer Critical
CVE-2017-15692 was published for org.apache.geode:geode-core (Maven) May 14, 2022
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by... Critical Unreviewed
CVE-2015-2020 was published May 14, 2022
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was... Critical Unreviewed
CVE-2017-12149 was published May 14, 2022
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function... Critical Unreviewed
CVE-2016-6620 was published May 14, 2022
Django Tastypie Improper Deserialization of YAML Data Critical
CVE-2011-4104 was published for django-tastypie (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database