Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

668 advisories

Loading
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker... High Unreviewed
CVE-2019-6834 was published Apr 14, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code... High Unreviewed
CVE-2022-22957 was published Apr 14, 2022
Arbitrary Code Execution in Cookie Serialization High
CVE-2017-1000053 was published for plug (Erlang) Apr 12, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an... High Unreviewed
CVE-2022-20763 was published Apr 7, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater... High Unreviewed
CVE-2022-1032 was published Mar 30, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects... High Unreviewed
CVE-2021-27475 was published Mar 24, 2022
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x... High Unreviewed
CVE-2022-26503 was published Mar 18, 2022
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users... High Unreviewed
CVE-2022-23940 was published Mar 11, 2022
A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to... High Unreviewed
CVE-2022-24282 was published Mar 9, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... High Unreviewed
CVE-2022-0138 was published Feb 19, 2022
Deserialization of untrusted data in Apache Cayenne High
CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) Feb 12, 2022
In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization... High Unreviewed
CVE-2021-39676 was published Feb 12, 2022
Deserialization of Untrusted Data in Magnolia CMS High
CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-22005 was published Feb 10, 2022
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading... High Unreviewed
CVE-2021-42631 was published Feb 1, 2022
Insecure Java Deserialization in Apache Karaf High
CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Jan 28, 2022
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
pytorch-lightning is vulnerable to Deserialization of Untrusted Data High
CVE-2021-4118 was published for pytorch-lightning (pip) Jan 6, 2022
akihironitta
Deserialization of Untrusted Data in Codeigniter4 High
CVE-2022-21647 was published for codeigniter4/framework (Composer) Jan 6, 2022
Deserialization of Untrusted Data in Apache Heron High
CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) Jan 6, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 ashmind
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database