GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
H2O vulnerable to Deserialization of Untrusted Data
High
CVE-2024-6960
was published
for
ai.h2o:h2o-core
(Maven)
Jul 21, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
High
CVE-2023-49566
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability
High
CVE-2023-46801
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
High
CVE-2024-22871
was published
for
org.clojure:clojure
(Maven)
Feb 29, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
High
CVE-2023-6267
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Jan 25, 2024
Apache InLong Manager Arbitrary File Read Vulnerability
High
CVE-2023-51785
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Apache IoTDB: Unsafe deserialize map in Sync Tool
High
CVE-2023-51656
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Dec 21, 2023
Bypass serialize checks in Apache Dubbo
High
CVE-2023-29234
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
logback serialization vulnerability
High
CVE-2023-6378
was published
for
ch.qos.logback:logback-classic
(Maven)
Nov 29, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High
CVE-2023-39913
was published
for
org.apache.uima:uimaj
(Maven)
Nov 8, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-46227
was published
for
org.apache.inlong:manager-common
(Maven)
Oct 19, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation
High
CVE-2023-39410
was published
for
avro
(Maven)
Sep 29, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability
High
CVE-2023-24621
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High
CVE-2023-34040
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Aug 24, 2023
Nacos Spring vulnerable to Unsafe Deserialization
High
CVE-2023-39106
was published
for
com.alibaba.nacos:nacos-spring-context
(Maven)
Aug 21, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param
High
CVE-2023-34434
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 25, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
High
CVE-2023-28754
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Jul 19, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-31058
was published
for
org.apache.inlong:manager-common
(Maven)
Jul 6, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
High
CVE-2023-27296
was published
for
org.apache.inlong:inlong-manager
(Maven)
Mar 27, 2023
ProTip!
Advisories are also available from the
GraphQL API