Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,433 advisories

Loading
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization Critical
CVE-2018-19360 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution Critical
CVE-2017-18342 was published for pyyaml (pip) Jan 4, 2019
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
Apache Spark Deserialization of Untrusted Data vulnerability High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Deserialization of Untrusted Data in superset Critical
CVE-2018-8021 was published for superset (pip) Nov 9, 2018
conference-scheduler-cli Arbitrary Code Execution High
CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018
Deserialization of Untrusted Data in Pippo Critical
CVE-2018-18628 was published for ro.pippo:pippo-core (Maven) Oct 24, 2018
MarkLee131
Akka Java Serialization vulnerability High
CVE-2017-1000034 was published for com.typesafe.akka:akka-actor (Maven) Oct 22, 2018
Deserialization of Untrusted Data in swagger-parser High
CVE-2017-1000208 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
Deserialization of Untrusted Data in swagger-codegen High
CVE-2017-1000207 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass Critical
CVE-2017-17485 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution Critical
CVE-2017-15095 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files Critical
CVE-2016-6809 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
MarkLee131
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods High
CVE-2014-0003 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks Critical
CVE-2016-8749 was published for org.apache.camel:camel-jackson (Maven) Oct 16, 2018
sunSUNQ
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation Critical
CVE-2017-12634 was published for org.apache.camel:camel-castor (Maven) Oct 16, 2018
sunSUNQ
Code execution via deserialization in org.apache.ignite:ignite-core Critical
CVE-2018-8018 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
MarkLee131
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization Critical
CVE-2018-1295 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
FasterXML jackson-databind allows unauthenticated remote code execution Critical
CVE-2018-7489 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization Critical
CVE-2017-3159 was published for org.apache.camel:camel-snakeyaml (Maven) Oct 16, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database