GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,012 advisories
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized...
Critical | Unreviewed | CVE-2017-5830 was published May 13, 2022
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due...
High | Unreviewed | CVE-2017-13286 was published May 13, 2022
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0,...
High | Unreviewed | CVE-2017-10803 was published May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
High | Unreviewed | CVE-2017-1000148 was published May 13, 2022
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product:...
High | Unreviewed | CVE-2017-0806 was published May 13, 2022
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray...
High | Unreviewed | CVE-2016-0750 was published May 13, 2022
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x,...
High | Unreviewed | CVE-2016-8648 was published May 13, 2022
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the...
Moderate | Unreviewed | CVE-2016-8653 was published May 13, 2022
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the...
Critical | Unreviewed | CVE-2016-9483 was published May 13, 2022
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe...
Critical | Unreviewed | CVE-2016-9498 was published May 13, 2022
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX...
Moderate | Unreviewed | CVE-2016-9585 was published May 13, 2022
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3...
Critical | Unreviewed | CVE-2017-11153 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-17406 was published May 13, 2022
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version...
High | Unreviewed | CVE-2017-3201 was published May 13, 2022
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1...
Critical | Unreviewed | CVE-2017-3207 was published May 13, 2022
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which...
Critical | Unreviewed | CVE-2017-7504 was published May 13, 2022
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach...
High | Unreviewed | CVE-2018-12539 was published May 13, 2022
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated,...
Critical | Unreviewed | CVE-2018-15381 was published May 13, 2022
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote,...
Critical | Unreviewed | CVE-2018-15616 was published May 13, 2022
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows...
Critical | Unreviewed | CVE-2018-19276 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1567 was published May 13, 2022
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute...
Critical | Unreviewed | CVE-2018-1851 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1904 was published May 13, 2022
Buck parser-cache command loads/saves state using Java serialized object. If the state...
Critical | Unreviewed | CVE-2018-6331 was published May 13, 2022
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017...
High | Unreviewed | CVE-2018-7529 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.