Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

727 advisories

Loading
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve... High Unreviewed
CVE-2020-14172 was published May 24, 2022
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an... High Unreviewed
CVE-2022-3679 was published Jan 10, 2023
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute... High Unreviewed
CVE-2020-4589 was published May 24, 2022
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file,... High Unreviewed
CVE-2022-3417 was published Jan 10, 2023
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote... High Unreviewed
CVE-2020-35488 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2,... High Unreviewed
CVE-2019-4728 was published May 24, 2022
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows... High Unreviewed
CVE-2020-8884 was published May 24, 2022
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x... High Unreviewed
CVE-2020-12525 was published May 24, 2022
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker... High Unreviewed
CVE-2020-4888 was published May 24, 2022
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated... High Unreviewed
CVE-2020-35932 was published May 24, 2022
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all... High Unreviewed
CVE-2020-9301 was published May 24, 2022
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a... High Unreviewed
CVE-2021-20076 was published May 24, 2022
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress... High Unreviewed
CVE-2020-35939 was published May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... High Unreviewed
CVE-2020-10657 was published May 24, 2022
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database... High Unreviewed
CVE-2021-29654 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... High Unreviewed
CVE-2021-25152 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... High Unreviewed
CVE-2021-25151 was published May 24, 2022
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such... High Unreviewed
CVE-2021-24280 was published May 24, 2022
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories... High Unreviewed
CVE-2021-33898 was published May 24, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2021-27240 was published May 24, 2022
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user... High Unreviewed
CVE-2021-24217 was published May 24, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2021-27277 was published May 24, 2022
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can... High Unreviewed
CVE-2021-22439 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager... High Unreviewed
CVE-2021-29150 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database