GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
310 advisories
Deserialization of Untrusted Data in Jenkins [Moderate]
CVE-2018-1999042 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022

Apache IoTDB: Unsafe deserialize map in Sync Tool [High]
CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) on Dec 21, 2023

DoS vulnerability in bundled XStream library in Jenkins Core [Moderate]
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) on Feb 10, 2022

RCE vulnerability in Jenkins Yaml Axis Plugin [High]
CVE-2020-2179 was published for org.jenkins-ci.plugins:yaml-axis (Maven) on May 24, 2022

Deserialization of Untrusted Data in Jenkins [Critical]
CVE-2018-1000861 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data [High]
CVE-2021-4104 was published for log4j:log4j (Maven) on Dec 14, 2021

Deserialization of Untrusted Data in Flamingo amf-serializer [Critical]
CVE-2017-3202 was published for com.exadel.flamingo.flex:amf-serializer (Maven) on May 13, 2022

Apache InLong Manager Arbitrary File Read Vulnerability [High]
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) on Jan 3, 2024

Apache XML-RPC vulnerable to Deserialization of Untrusted Data [Critical]
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) on May 14, 2022

Insecure Deserialization in Apache XML-RPC [Critical]
CVE-2019-17570 was published for org.apache.xmlrpc:xmlrpc (Maven) on Jun 10, 2020

Remote Command Execution in SOFARPC [Critical]
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) on Jan 23, 2024

Deserialization of Untrusted Data in Bouncy castle [Critical]
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) on Oct 17, 2018

Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin [High]
CVE-2018-1000058 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) on May 14, 2022

Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization [Critical]
CVE-2017-20189 was published for org.clojure:clojure (Maven) on Jan 22, 2024

Deserialization of Untrusted Data in Apache Camel SQL [High]
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) on Feb 20, 2024

Deserialization of Untrusted Data in Apache OpenJPA [High]
CVE-2013-1768 was published for org.apache.openjpa:openjpa (Maven) on May 14, 2022

fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution [High]
CVE-2020-10721 was published for io.fabric8:fabric8-maven-plugin (Maven) on May 24, 2022

Whaleal IceFrog is vulnerable to deserialization [Moderate]
CVE-2023-3308 was published for com.whaleal.icefrog:icefrog-all (Maven) on Jun 18, 2023

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass [Critical]
CVE-2017-17485 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Oct 18, 2018

jackson-databind is vulnerable to a deserialization flaw [Critical]
CVE-2017-7525 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Oct 16, 2018

Deserialization of Untrusted Data in jackson-databind [Critical]
CVE-2018-11307 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Jul 16, 2019

jackson-databind Deserialization of Untrusted Data vulnerability [High]
CVE-2018-12022 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Mar 25, 2019

Deserialization of Untrusted Data [High]
CVE-2018-12023 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Jun 15, 2020

Deserialization of Untrusted Data in jackson-databind [High]
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Jun 30, 2020

Deserialization of Untrusted Data in Apache Camel CassandraQL [High]
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) on Feb 20, 2024

ProTip! Advisories are also available from the GraphQL API.