GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

503 advisories

Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ
FasterXML jackson-databind allows unauthenticated remote code execution Critical
CVE-2018-7489 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution Critical
CVE-2017-15095 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code Moderate
CVE-2024-29032 was published for qiskit-ibm-runtime (pip) Mar 20, 2024
richrines1
Incomplete List of Disallowed Inputs in SOFA-Hessian Critical
CVE-2019-9212 was published for com.alipay.sofa:hessian (Maven) Mar 6, 2019
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ
Transformers Deserialization of Untrusted Data vulnerability Low
CVE-2024-3568 was published for transformers (pip) Apr 10, 2024
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files Critical
CVE-2016-6809 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
MarkLee131
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency Moderate
CVE-2024-28859 was published for friendsofsymfony1/swiftmailer (Composer) Mar 18, 2024
darkpills
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr dennisenderink
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization Critical
CVE-2018-1295 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Remote code execution in zendframework and laminas-http Critical
CVE-2021-3007 was published for laminas/laminas-http (Composer) Jun 8, 2021
jsonpickle unsafe deserialization Critical
CVE-2020-22083 was published for jsonpickle (pip) May 24, 2022
rtfpessoa
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
Numpy Deserialization of Untrusted Data Critical
CVE-2019-6446 was published for numpy (pip) May 24, 2022
Deserialization vulnerability exists in parso High
CVE-2019-12760 was published for parso (pip) Jun 13, 2019 withdrawn
scikit-learn Deserialization of Untrusted Data Critical
CVE-2020-13092 was published for scikit-learn (pip) May 24, 2022
Drupal Core Remote Code Execution Vulnerability High
CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022
Pimcore Unserialize Remote Code Execution High
CVE-2019-10867 was published for pimcore/pimcore (Composer) May 13, 2022
phpBB Remote Code Execution High
CVE-2018-19274 was published for phpbb/phpbb (Composer) May 13, 2022
ThinkAdmin insecure unserialize vulnerability Critical
CVE-2020-23653 was published for zoujingli/thinkadmin (Composer) May 24, 2022
Froxlor PHP Object Injection vulnerability High
CVE-2018-1000527 was published for froxlor/froxlor (Composer) May 13, 2022
TYPO3 Insecure Deserialization in Query Generator & Query View High
CVE-2019-19849 was published for typo3/cms (Composer) May 24, 2022