Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in... Critical Unreviewed
CVE-2017-10934 was published May 14, 2022
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via... Critical Unreviewed
CVE-2014-8731 was published May 14, 2022
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote... Critical Unreviewed
CVE-2016-0779 was published May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly... Critical Unreviewed
CVE-2017-9844 was published May 14, 2022
MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that... Critical Unreviewed
CVE-2018-1000824 was published May 14, 2022
Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter... Critical Unreviewed
CVE-2018-1000827 was published May 14, 2022
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter... Critical Unreviewed
CVE-2018-1000833 was published May 14, 2022
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2018-20732 was published May 14, 2022
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute... Critical Unreviewed
CVE-2019-6503 was published May 14, 2022
Laravel Framework Deserialization Vulnerability Critical
CVE-2019-9081 was published for laravel/framework (Composer) May 14, 2022
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows... Critical Unreviewed
CVE-2018-9843 was published May 14, 2022
Apache OpenMeetings RCE Critical
CVE-2016-8736 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection... Critical Unreviewed
CVE-2018-20148 was published May 14, 2022
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC... Critical Unreviewed
CVE-2017-12557 was published May 14, 2022
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that... Critical Unreviewed
CVE-2017-18365 was published May 14, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2018-2628 was published May 14, 2022
The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote... Critical Unreviewed
CVE-2016-6793 was published May 14, 2022
Apache Camel camel-hessian component vulnerable to Java object deserialization Critical
CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to... Critical Unreviewed
CVE-2016-3957 was published May 14, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2018-3245 was published May 13, 2022
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter... Critical Unreviewed
CVE-2018-1000832 was published May 13, 2022
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized... Critical Unreviewed
CVE-2017-5830 was published May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI Critical
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022
westonsteimel
Credited to westonsteimel
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the... Critical Unreviewed
CVE-2016-9483 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database