GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
393 advisories
Filter by severity
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp....
Critical
Unreviewed
CVE-2022-4890
was published
Jan 16, 2023
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation...
Critical
Unreviewed
CVE-2021-27470
was published
Mar 24, 2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting...
Critical
Unreviewed
CVE-2021-27460
was published
Mar 24, 2022
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation...
Critical
Unreviewed
CVE-2021-27462
was published
Mar 24, 2022
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell...
Critical
Unreviewed
CVE-2021-27466
was published
Mar 24, 2022
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this...
Critical
Unreviewed
CVE-2020-19229
was published
Apr 6, 2022
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an...
Critical
Unreviewed
CVE-2021-33207
was published
Apr 6, 2022
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1...
Critical
Unreviewed
CVE-2022-23450
was published
Apr 13, 2022
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
Critical
Unreviewed
CVE-2022-27158
was published
Apr 16, 2022
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later...
Critical
Unreviewed
CVE-2022-26133
was published
Apr 21, 2022
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes...
Critical
Unreviewed
CVE-2021-32935
was published
May 24, 2022
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility...
Critical
Unreviewed
CVE-2020-28032
was published
May 24, 2022
The affected products are vulnerable of untrusted data due to deserialization without prior...
Critical
Unreviewed
CVE-2022-1660
was published
Jun 3, 2022
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C...
Critical
Unreviewed
CVE-2022-29875
was published
Jun 2, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical
Unreviewed
CVE-2022-44559
was published
Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical
Unreviewed
CVE-2022-44558
was published
Nov 10, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization...
Critical
Unreviewed
CVE-2017-4914
was published
May 17, 2022
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize...
Critical
Unreviewed
CVE-2016-0360
was published
May 17, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
Critical
Unreviewed
CVE-2018-18447
was published
Oct 13, 2022
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi...
Critical
Unreviewed
CVE-2017-9830
was published
May 17, 2022
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because...
Critical
Unreviewed
CVE-2022-35857
was published
Jul 14, 2022
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2017-9424
was published
May 17, 2022
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux...
Critical
Unreviewed
CVE-2016-7050
was published
May 17, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
Critical
Unreviewed
CVE-2018-18446
was published
Oct 13, 2022
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary...
Critical
Unreviewed
CVE-2016-3690
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API