GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
827 advisories
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe...
Critical | Unreviewed | CVE-2016-9498 was published May 13, 2022

RubyGems vulnerable to Deserialization of Untrusted Data
Critical | CVE-2017-0903 was published for rubygems-update (RubyGems) May 13, 2022

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3...
Critical | Unreviewed | CVE-2017-11153 was published May 13, 2022

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-17406 was published May 13, 2022

Deserialization of Untrusted Data in Flamingo amf-serializer
Critical | CVE-2017-3202 was published for com.exadel.flamingo.flex:amf-serializer (Maven) May 13, 2022

The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1...
Critical | Unreviewed | CVE-2017-3207 was published May 13, 2022

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which...
Critical | Unreviewed | CVE-2017-7504 was published May 13, 2022

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated,...
Critical | Unreviewed | CVE-2018-15381 was published May 13, 2022

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote,...
Critical | Unreviewed | CVE-2018-15616 was published May 13, 2022

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows...
Critical | Unreviewed | CVE-2018-19276 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1567 was published May 13, 2022

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute...
Critical | Unreviewed | CVE-2018-1851 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1904 was published May 13, 2022

Buck parser-cache command loads/saves state using Java serialized object. If the state...
Critical | Unreviewed | CVE-2018-6331 was published May 13, 2022

Jenkins CLI Deserialization of Untrusted Data vulnerability
Critical | CVE-2015-8103 was published for org.jenkins-ci.main:cli (Maven) May 13, 2022

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10...
Critical | Unreviewed | CVE-2019-10068 was published May 13, 2022

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via...
Critical | Unreviewed | CVE-2016-3415 was published May 13, 2022

Deserialization of Untrusted Data in Jython
Critical | CVE-2016-4000 was published for org.python:jython (Maven) May 13, 2022

Deserialization of Untrusted Data in Apache commons collections
Critical | CVE-2015-7501 was published for commons-collections:commons-collections (Maven) May 13, 2022

Deserialization of Untrusted Data in Groovy
Critical | CVE-2016-6814 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022

Apache MyFaces Trinidad Deserialization Vulnerability
Critical | CVE-2016-5019 was published for org.apache.myfaces.trinidad:trinidad (Maven) May 13, 2022

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com...
Critical | Unreviewed | CVE-2017-14702 was published May 13, 2022

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it...
Critical | Unreviewed | CVE-2017-5878 was published May 13, 2022

Joomla! Object Injection Vulnerability
Critical | CVE-2019-7743 was published for joomla/joomla-cms (Composer) May 13, 2022

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed...
Critical | Unreviewed | CVE-2018-20718 was published May 13, 2022