Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

668 advisories

Loading
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A... High Unreviewed
CVE-2021-20318 was published Dec 24, 2021
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data High
GHSA-3w6p-8f82-gw8r was published for ru.yandex.clickhouse:clickhouse-jdbc-bridge (Maven) Dec 17, 2021
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization... High Unreviewed
CVE-2021-0928 was published Dec 16, 2021
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization... High Unreviewed
CVE-2021-0970 was published Dec 16, 2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data High
CVE-2021-4104 was published for log4j:log4j (Maven) Dec 14, 2021
SebGondron
Unsafe Deserialization that can Result in Code Execution High
CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven) Dec 10, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36189 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36187 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36188 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36183 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36184 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36180 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36181 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36185 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36179 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36182 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Serialization gadget exploit in jackson-databind High
CVE-2020-35728 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
mpihelgas
Serialization gadgets exploit in jackson-databind High
CVE-2020-35490 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
sunSUNQ
Code Injection in jackson-databind High
CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows... High Unreviewed
CVE-2021-42130 was published Dec 8, 2021
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object... High Unreviewed
CVE-2021-43360 was published Dec 2, 2021
Unsafe Deserialization in jackson-databind High
CVE-2020-36186 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 19, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database