GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
205 advisories
Filter by severity
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
Critical
CVE-2022-36944
was published
for
org.scala-lang:scala-library
(Maven)
Sep 25, 2022
Apache Tapestry allows deserialization of untrusted data
Critical
CVE-2022-46366
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Dec 2, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical
CVE-2022-25767
was published
for
com.bstek.ureport:ureport2-console
(Maven)
May 3, 2022
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-23592
was published
for
topthink/framework
(Composer)
May 7, 2022
Deserialization of Untrusted Data in Apache Storm
Critical
CVE-2018-11779
was published
for
org.apache.storm:storm-kafka
(Maven)
Aug 1, 2019
Deserialization of Untrusted Data in EthereumJ
Critical
CVE-2018-15890
was published
for
org.ethereum:ethereumj-core
(Maven)
Jul 26, 2019
Deserialization of Untrusted Data in Log4j
Critical
CVE-2017-5645
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jan 6, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9546
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Code Execution through IIFE in node-serialize
Critical
CVE-2017-5941
was published
for
node-serialize
(npm)
Jul 18, 2018
Code execution in Spring Integration
Critical
CVE-2020-5413
was published
for
org.springframework.integration:spring-integration-core
(Maven)
Aug 5, 2020
Deserialization of Untrusted Data in Apache Tapestry
Critical
CVE-2019-0195
was published
for
org.apache.tapestry:tapestry-core
(Maven)
May 24, 2022
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
Deserialization of Untrusted Data in NukeViet
Critical
CVE-2019-7725
was published
for
nukeviet/nukeviet
(Composer)
Jun 22, 2021
Deserialization exploitation in Apache Dubbo
Critical
CVE-2020-11995
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Feb 9, 2022
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Critical
CVE-2021-21426
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
Remote code execution in Apache Tapestry
Critical
CVE-2021-27850
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Jun 16, 2021
Deserialization of Untrusted Data in Apache Dubbo
Critical
CVE-2020-1948
was published
for
org.apache.dubbo:dubbo
(Maven)
Feb 10, 2022
Insecure Deserialization of untrusted data in rmccue/requests
Critical
CVE-2021-29476
was published
for
rmccue/requests
(Composer)
Apr 29, 2021
Insecure deserialization in Wire
Critical
CVE-2021-29508
was published
for
Wire
(NuGet)
May 19, 2021
Deserialization of Untrusted Data in Apache Dubbo
Critical
CVE-2021-30179
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Remote Code Execution Vulnerability in Session Storage
Critical
CVE-2021-29485
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Deserialization of Untrusted Data in msgpack
Critical
CVE-2021-23410
was published
for
msgpack
(npm)
Jul 26, 2021
•
withdrawn
Deserialization of Untrusted Data in Apache jUDDI
Critical
CVE-2021-37578
was published
for
org.apache.juddi:juddi-core
(Maven)
Aug 9, 2021
Deserializer tampering in Apache Dubbo
Critical
CVE-2021-25641
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Deserialization of Untrusted Data in Neo4j
Critical
CVE-2021-34371
was published
for
org.neo4j:neo4j
(Maven)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API