Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
Pippo RCE Vulnerability Critical
CVE-2018-18240 was published for ro.pippo:pippo-core (Maven) May 13, 2022
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call... Critical Unreviewed
CVE-2018-10085 was published May 13, 2022
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in... Critical Unreviewed
CVE-2018-1000641 was published May 13, 2022
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request... Critical Unreviewed
CVE-2018-1000525 was published May 13, 2022
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form... Critical Unreviewed
CVE-2018-1000059 was published May 13, 2022
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote... Critical Unreviewed
CVE-2016-1114 was published May 13, 2022
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10... Critical Unreviewed
CVE-2017-3066 was published May 13, 2022
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed
CVE-2017-11283 was published May 13, 2022
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed
CVE-2017-11284 was published May 13, 2022
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have... Critical Unreviewed
CVE-2018-4939 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15957 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15958 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15965 was published May 13, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15959 was published May 13, 2022
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to... Critical Unreviewed
CVE-2018-0147 was published May 13, 2022
Deserialization of Untrusted Data in Apache Batik Critical
CVE-2018-8013 was published for org.apache.xmlgraphics:batik (Maven) May 13, 2022
MarkLee131
Credited to MarkLee131
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5... Critical Unreviewed
CVE-2018-15691 was published May 13, 2022
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote... Critical Unreviewed
CVE-2014-9515 was published May 13, 2022
Apache Flex BlazeDS unsafe deserialization Critical
CVE-2017-5641 was published for org.apache.flex.blazeds:flex-messaging-core (Maven) May 13, 2022
An exploitable code execution vulnerability exists in the Levin deserialization functionality of... Critical Unreviewed
CVE-2018-3972 was published May 13, 2022
Deserialization of Untrusted Data in Jenkins Critical
CVE-2017-1000353 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Jenkins Critical
CVE-2018-1000861 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed
CVE-2022-29363 was published May 13, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-23592 was published for topthink/framework (Composer) May 7, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed
CVE-2020-23621 was published May 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database