GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14060
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14062
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14061
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
Potential remote code execution in Apache Tomcat
High
CVE-2021-25329
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 19, 2021
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
"Deserialization errors in MyBatis"
High
CVE-2020-26945
was published
for
org.mybatis:mybatis
(Maven)
Apr 22, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Deserialization of Untrusted Data in Apache Camel RabbitMQ
High
CVE-2020-11972
was published
for
org.apache.camel:camel-rabbitmq
(Maven)
May 21, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39153
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39147
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39146
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39145
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39139
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter
High
CVE-2021-23441
was published
for
com.jsoniter:jsoniter
(Maven)
Sep 20, 2021
•
withdrawn
Unsafe Deserialization in jackson-databind
High
CVE-2020-36186
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 19, 2021
ProTip!
Advisories are also available from the
GraphQL API