Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
Deserialization of Untrusted Data in Apache Tapestry Critical
CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) May 24, 2022
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
Deserialization exploitation in Apache Dubbo Critical
CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) Feb 9, 2022
Remote code execution in Apache Tapestry Critical
CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) Jun 16, 2021
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2021-30179 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Remote Code Execution Vulnerability in Session Storage Critical
CVE-2021-29485 was published for io.ratpack:ratpack-core (Maven) Jul 1, 2021
JLLeitschuh
Deserialization of Untrusted Data in Apache jUDDI Critical
CVE-2021-37578 was published for org.apache.juddi:juddi-core (Maven) Aug 9, 2021
Deserializer tampering in Apache Dubbo Critical
CVE-2021-25641 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Deserialization of Untrusted Data in Neo4j Critical
CVE-2021-34371 was published for org.neo4j:neo4j (Maven) Sep 1, 2021
Hessian protocol configuration vulnerability in Apache Dubbo Critical
CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm Critical
CVE-2021-40865 was published for org.apache.storm:storm (Maven) Oct 27, 2021
Security check skip in Apache Dubbo Critical
CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils Critical
CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) Oct 4, 2021
Hessian Lite for Apache Dubbo deserialization vulnerability Critical
CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) Oct 19, 2022
Apache Camel camel-hessian component vulnerable to Java object deserialization Critical
CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022
Deserialization of Untrusted Data in Dubbo Critical
CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) Jan 12, 2022
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
Apache Geode vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-37021 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
raboof
Apache Dubbo vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven) Mar 8, 2023
loganaden
Apache Linkis DatasourceManager module has deserialization vulnerability Critical
CVE-2023-29216 was published for org.apache.linkis:linkis-datasource (Maven) Apr 10, 2023
Apache Linkis JDBC EngineConn has deserialization vulnerability Critical
CVE-2023-29215 was published for org.apache.linkis:linkis-engineconn (Maven) Apr 10, 2023
ProTip! Advisories are also available from the GraphQL API