GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
241 advisories
Filter by severity
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39147
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Hazelcast
High
CVE-2016-10750
was published
for
com.hazelcast:hazelcast
(Maven)
May 24, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
High
CVE-2022-25863
was published
for
gatsby-plugin-mdx
(npm)
Jun 3, 2022
User account escalation in Apache Hadoop
High
CVE-2021-33036
was published
for
org.apache.hadoop:hadoop-yarn-server-common
(Maven)
Jun 16, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data
High
CVE-2022-39298
was published
for
melisplatform/melis-front
(Composer)
Oct 11, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data
High
CVE-2022-39297
was published
for
melisplatform/melis-cms
(Composer)
Oct 11, 2022
Deserialization of Untrusted Data in Apache Hadoop YARN
High
CVE-2021-25642
was published
for
org.apache.hadoop:hadoop-yarn-server
(Maven)
Aug 26, 2022
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
High
CVE-2020-2211
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Denial of Service by injecting highly recursive collections or maps in XStream
High
CVE-2021-43859
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Feb 1, 2022
Remote Code Execution vulnerability in Jenkins Literate Plugin
High
CVE-2020-2158
was published
for
org.jenkins-ci.plugins:literate
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Gson
High
CVE-2022-25647
was published
for
com.google.code.gson:gson
(Maven)
May 3, 2022
Apache Geode unsafe deserialization of application objects
High
CVE-2017-15693
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Apache Brooklyn
High
CVE-2016-8744
was published
for
org.apache.brooklyn:brooklyn
(Maven)
May 17, 2022
Apache NiFi JMS Deserialization issue
High
CVE-2018-1310
was published
for
org.apache.nifi:nifi
(Maven)
May 14, 2022
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider
High
CVE-2018-1051
was published
for
org.jboss.resteasy:resteasy-yaml-provider
(Maven)
May 13, 2022
Apache Linkis subject to Remote Code Execution via deserialization
High
CVE-2022-39944
was published
for
org.apache.linkis:linkis
(Maven)
Oct 26, 2022
RCE vulnerability in Google Kubernetes Engine Plugin
High
CVE-2020-2121
was published
for
org.jenkins-ci.plugins:google-kubernetes-engine
(Maven)
May 24, 2022
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
High
CVE-2020-2166
was published
for
de.taimos:pipeline-aws
(Maven)
May 24, 2022
RCE vulnerability in Jenkins Azure Container Service Plugin
High
CVE-2020-2168
was published
for
org.jenkins-ci.plugins:azure-acs
(Maven)
May 24, 2022
RCE vulnerability in Jenkins DotCi Plugin
High
CVE-2022-41237
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Apache InLong vulnerable to Deserialization of Untrusted Data
High
CVE-2022-40955
was published
for
org.apache.inlong:inlong-common
(Maven)
Sep 21, 2022
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14893
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
ProTip!
Advisories are also available from the
GraphQL API