GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
123 advisories
Deserialization of Untrusted Data in Apache Tapestry
Critical | CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) | May 24, 2022

Remote Code Execution in Apache Synapse
Critical | CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) | Nov 4, 2020

Deserialization exploitation in Apache Dubbo
Critical | CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) | Feb 9, 2022

Remote code execution in Apache Tapestry
Critical | CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) | Jun 16, 2021

Deserialization of Untrusted Data in Apache Dubbo
Critical | CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) | Feb 10, 2022

Deserialization of Untrusted Data in Apache Dubbo
Critical | CVE-2021-30179 was published for com.alibaba:dubbo (Maven) | Mar 18, 2022

Remote Code Execution Vulnerability in Session Storage
Critical | CVE-2021-29485 was published for io.ratpack:ratpack-core (Maven) | Jul 1, 2021

Deserialization of Untrusted Data in Apache jUDDI
Critical | CVE-2021-37578 was published for org.apache.juddi:juddi-core (Maven) | Aug 9, 2021

Deserializer tampering in Apache Dubbo
Critical | CVE-2021-25641 was published for com.alibaba:dubbo (Maven) | Mar 18, 2022

Deserialization of Untrusted Data in Neo4j
Critical | CVE-2021-34371 was published for org.neo4j:neo4j (Maven) | Sep 1, 2021

Hessian protocol configuration vulnerability in Apache Dubbo
Critical | CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) | Sep 8, 2021

Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm
Critical | CVE-2021-40865 was published for org.apache.storm:storm (Maven) | Oct 27, 2021

Security check skip in Apache Dubbo
Critical | CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) | Sep 10, 2021

Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Critical | CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) | Oct 4, 2021

Hessian Lite for Apache Dubbo deserialization vulnerability
Critical | CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) | Oct 19, 2022

Apache Camel camel-hessian component vulnerable to Java object deserialization
Critical | CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) | May 14, 2022

Deserialization of Untrusted Data in Dubbo
Critical | CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) | Jan 12, 2022

Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Critical | CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) | Feb 1, 2023

Dromara Hutool Deserialization of Untrusted Data vulnerability
Critical | CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) | Jan 31, 2023

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Critical | CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) | May 24, 2022

Apache Geode vulnerable to Deserialization of Untrusted Data
Critical | CVE-2022-37021 was published for org.apache.geode:geode-core (Maven) | Sep 1, 2022

Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical | CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven) | Mar 8, 2023

Apache Linkis DatasourceManager module has deserialization vulnerability
Critical | CVE-2023-29216 was published for org.apache.linkis:linkis-datasource (Maven) | Apr 10, 2023

Apache Linkis JDBC EngineConn has deserialization vulnerability
Critical | CVE-2023-29215 was published for org.apache.linkis:linkis-engineconn (Maven) | Apr 10, 2023