Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,935 advisories

Loading
Unsafe Deserialization in jackson-databind High
CVE-2020-36188 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36183 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36184 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36180 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36181 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36185 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36179 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36182 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Serialization gadget exploit in jackson-databind High
CVE-2020-35728 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
mpihelgas
Serialization gadgets exploit in jackson-databind High
CVE-2020-35490 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
sunSUNQ
Code Injection in jackson-databind High
CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Path Traversal in com.linecorp.armeria:armeria High
CVE-2021-43795 was published for com.linecorp.armeria:armeria (Maven) Dec 2, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Incorrect Authorization in Apache Ozone High
CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens High
CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) Nov 23, 2021
Code injection in spring-cloud-netflix-hystrix-dashboard High
CVE-2021-22053 was published for org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (Maven) Nov 23, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36186 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 19, 2021
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
SQL injection in Apache DolphinScheduler High
CVE-2021-27644 was published for org.apache.dolphinscheduler:dolphinscheduler-server (Maven) Nov 3, 2021
Communities and collections administrators can escalate their privilege up to system administrator High
CVE-2021-41189 was published for org.dspace:dspace-api (Maven) Nov 1, 2021
abollini
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database