Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,518
Maven
5,000+
npm
4,156
NuGet
736
pip
3,955
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,913 advisories

Loading
Deserialization of Untrusted Data in Jodd Critical
CVE-2018-21234 was published for org.jodd:jodd-json (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) Feb 10, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
DoS vulnerability in bundled XStream library in Jenkins Core Moderate
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 10, 2022
NotMyFault
Microsoft SharePoint Server Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-22005 was published Feb 10, 2022
Serialization vulnerability in Apache Tapestry Critical
CVE-2020-17531 was published for org.apache.tapestry:tapestry-project (Maven) Feb 9, 2022
Remote code execution in DolphinScheduler Critical
CVE-2020-11974 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 9, 2022
Deserialization exploitation in Apache Dubbo Critical
CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) Feb 9, 2022
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading... High Unreviewed
CVE-2021-42631 was published Feb 1, 2022
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote... Critical Unreviewed
CVE-2021-45899 was published Jan 29, 2022
Insecure Java Deserialization in Apache Karaf High
CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Jan 28, 2022
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
zbazztian SebGondron
Deserialization of Untrusted Data in Dubbo Critical
CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) Jan 12, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data High
CVE-2021-4118 was published for pytorch-lightning (pip) Jan 6, 2022
akihironitta
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
Deserialization of Untrusted Data in Codeigniter4 High
CVE-2022-21647 was published for codeigniter4/framework (Composer) Jan 6, 2022
Deserialization of Untrusted Data in rust-cpuid Critical
CVE-2021-45687 was published for raw-cpuid (Rust) Jan 6, 2022
richardfan0606
Deserialization of Untrusted Data in Apache Heron High
CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) Jan 6, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 ashmind
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database