GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
XStream is vulnerable to an Arbitrary Code Execution attack (High). CVE-2021-39153, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
Deserialization of Untrusted Data in Spring AMQP (Critical). CVE-2017-8045, published for org.springframework.amqp:spring-amqp (Maven) on May 17, 2022.
Deserialization of Untrusted Data in Spring-flex (High). CVE-2017-3203, published for org.springframework.flex:spring-flex (Maven) on May 13, 2022.
XStream is vulnerable to an Arbitrary Code Execution attack (High). CVE-2021-39139, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
Deserialization of Untrusted Data in Infinispan (High). CVE-2018-1131, published for org.infinispan:infinispan-core (Maven) on May 13, 2022.
A Server-Side Request Forgery can be triggered when unmarshalling with XStream, accessing data streams from an arbitrary URL that references a resource on an intranet or the local host (High). CVE-2021-39150, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
Deserialization of Untrusted Data in Spring Batch (High). CVE-2020-5411, published for org.springframework.batch:spring-batch-core (Maven) on May 24, 2022.
Insecure Deserialization in Apache Commons Beanutils (High). CVE-2019-10086, published for commons-beanutils:commons-beanutils (Maven) on Jun 15, 2020.
XStream is vulnerable to an Arbitrary Code Execution attack (High). CVE-2021-39148, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
XStream is vulnerable to an Arbitrary Code Execution attack (High). CVE-2021-39151, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
A Server-Side Request Forgery can be triggered when unmarshalling with XStream, accessing data streams from an arbitrary URL that references a resource on an intranet or the local host (High). CVE-2021-39152, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
XStream is vulnerable to an Arbitrary Code Execution attack (High). CVE-2021-39147, published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021.
Deserialization of Untrusted Data in Hazelcast (High). CVE-2016-10750, published for com.hazelcast:hazelcast (Maven) on May 24, 2022.
Deserialization of Untrusted Data in Spring AMQP (Moderate). CVE-2021-22097, published for org.springframework.amqp:spring-amqp (Maven) on May 24, 2022.
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution (Moderate). CVE-2021-32828, published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) on Jan 6, 2023.
User account escalation in Apache Hadoop (High). CVE-2021-33036, published for org.apache.hadoop:hadoop-yarn-server-common (Maven) on Jun 16, 2022.
Apache Camel Netty enables Java deserialization by default (Critical). CVE-2020-11973, published for org.apache.camel:camel-netty (Maven) on May 21, 2020.
Deserialization of Untrusted Data and Code Injection in xstream (Critical). CVE-2019-10173, published for com.thoughtworks.xstream:xstream (Maven) on Jul 26, 2019.
QOS.ch Logback vulnerable to Deserialization of Untrusted Data (Critical). CVE-2017-5929, published for ch.qos.logback:logback-classic (Maven) on Jun 7, 2021.
Deserialization of Untrusted Data in Apache Hadoop YARN (High). CVE-2021-25642, published for org.apache.hadoop:hadoop-yarn-server (Maven) on Aug 26, 2022.
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin (High). CVE-2020-2211, published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) on May 24, 2022.
Code injection in Kubernetes Java Client (Moderate). CVE-2021-25738, published for io.kubernetes:client-java (Maven) on Oct 12, 2021.
Denial of Service by injecting highly recursive collections or maps in XStream (High). CVE-2021-43859, published for com.thoughtworks.xstream:xstream (Maven) on Feb 1, 2022.
Apache Dubbo vulnerable to remote code execution via Telnet Handler (Critical). CVE-2021-32824, published for org.apache.dubbo:dubbo-parent (Maven) on Jan 3, 2023.
Remote Code Execution vulnerability in Jenkins Literate Plugin (High). CVE-2020-2158, published for org.jenkins-ci.plugins:literate (Maven) on May 24, 2022.