GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
348 advisories
CVE-2021-25294 (Critical, Unreviewed, published May 24, 2022): OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote...
CVE-2020-24639 (Critical, Unreviewed, published May 24, 2022): There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command...
CVE-2021-26912 (Critical, Unreviewed, published May 24, 2022): NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
CVE-2021-25758 (Critical, Unreviewed, published May 24, 2022): In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace...
CVE-2020-24648 (Critical, Unreviewed, published May 24, 2022): An accessmgrservlet classname deserialization of untrusted data remote code execution...
CVE-2020-10656 (Critical, Unreviewed, published May 24, 2022): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
CVE-2020-10655 (Critical, Unreviewed, published May 24, 2022): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
CVE-2020-27131 (Critical, Unreviewed, published May 24, 2022): Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security...
CVE-2020-5664 (Critical, Unreviewed, published May 24, 2022): Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote...
CVE-2022-29805 (Critical, Unreviewed, published Aug 20, 2022): A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1...
CVE-2019-15780 (Critical, Unreviewed, published May 24, 2022): The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
CVE-2022-24108 (Critical, Unreviewed, published May 18, 2022): The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a...
CVE-2022-38652 (Critical, Unreviewed, published Nov 12, 2022): ** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMWare...
CVE-2022-38650 (Critical, Unreviewed, published Nov 12, 2022): ** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability...
CVE-2022-4120 (Critical, Unreviewed, published Dec 26, 2022): The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6...
CVE-2016-6330 (Critical, Unreviewed, published May 17, 2022): The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured...
CVE-2022-33318 (Critical, Unreviewed, published Jul 21, 2022): Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
CVE-2019-16891 (Critical, Unreviewed, published May 24, 2022): Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON...
CVE-2016-6199 (Critical, Unreviewed, published May 17, 2022): ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a...
CVE-2017-5983 (Critical, Unreviewed, published May 17, 2022): The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML...
CVE-2022-35223 (Critical, Unreviewed, published Aug 3, 2022): EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation...
CVE-2021-41419 (Critical, Unreviewed, published Jul 19, 2022): QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
CVE-2017-9363 (Critical, Unreviewed, published May 17, 2022): Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to...
CVE-2016-3690 (Critical, Unreviewed, published May 17, 2022): The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary...
CVE-2018-18446 (Critical, Unreviewed, published Oct 13, 2022): dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).