GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
505 advisories
Filter by severity
Deserialization of Untrusted Data in codeception/codeception
Critical
CVE-2021-23420
was published
for
codeception/codeception
(Composer)
Sep 1, 2021
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical
CVE-2018-17057
was published
for
fooman/tcpdf
(Composer)
Oct 6, 2022
Deserialization of untrusted data in Symfony
High
CVE-2019-10912
was published
for
symfony/cache
(Composer)
Feb 12, 2020
Insecure Deserialization in Backend User Settings in TYPO3 CMS
High
CVE-2020-11067
was published
for
typo3/cms
(Composer)
May 13, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
Critical
CVE-2019-11830
was published
for
typo3/phar-stream-wrapper
(Composer)
May 24, 2022
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
High
CVE-2019-6338
was published
for
drupal/drupal
(Composer)
Dec 2, 2019
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
OpenStack Object Storage (swift) Code Injection vulnerability
Critical
CVE-2012-4406
was published
for
swift
(pip)
May 17, 2022
Object injection in PHPMailer/PHPMailer
Critical
CVE-2020-36326
was published
for
phpmailer/phpmailer
(Composer)
May 4, 2021
Typo3 Vulnerable to Insecure Deserialization
High
CVE-2019-12747
was published
for
typo3/cms
(Composer)
May 24, 2022
Unsafe deserialization in Yii 2
High
CVE-2020-15148
was published
for
yiisoft/yii2
(Composer)
Sep 15, 2020
Deserialization of Untrusted Data in Torrentpier
Critical
CVE-2024-1651
was published
for
torrentpier/torrentpier
(Composer)
Feb 20, 2024
php-svg-lib lacks path validation on font through SVG inline styles
Moderate
CVE-2024-25117
was published
for
phenx/php-svg-lib
(Composer)
Feb 21, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
OISF suricata-update unsafely deserializes YAML data
High
CVE-2018-1000167
was published
for
suricata-update
(pip)
May 14, 2022
Allegro AI ClearML vulnerable to deserialization of untrusted data
High
CVE-2024-24590
was published
for
clearml
(pip)
Feb 6, 2024
Deserialization of Untrusted Data in Apache OpenJPA
High
CVE-2013-1768
was published
for
org.apache.openjpa:openjpa
(Maven)
May 14, 2022
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
High
CVE-2020-10721
was published
for
io.fabric8:fabric8-maven-plugin
(Maven)
May 24, 2022
Whaleal IceFrog is vulnerable to deserialization
Moderate
CVE-2023-3308
was published
for
com.whaleal.icefrog:icefrog-all
(Maven)
Jun 18, 2023
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Critical
CVE-2017-17485
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
jackson-databind Deserialization of Untrusted Data vulnerability
High
CVE-2018-12022
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 25, 2019
ProTip!
Advisories are also available from the
GraphQL API