GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
242 advisories
Filter by severity
Apache Airflow vulnerable arbitrary code execution via Spark server
High
CVE-2023-40195
was published
for
apache-airflow-providers-apache-spark
(pip)
Aug 28, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability
High
CVE-2023-24621
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High
CVE-2023-34040
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Aug 24, 2023
Nacos Spring vulnerable to Unsafe Deserialization
High
CVE-2023-39106
was published
for
com.alibaba.nacos:nacos-spring-context
(Maven)
Aug 21, 2023
Deserialization vulnerability in Helix workflow and REST
High
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param
High
CVE-2023-34434
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 25, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
High
CVE-2023-28754
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Jul 19, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-31058
was published
for
org.apache.inlong:manager-common
(Maven)
Jul 6, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
High
CVE-2023-27296
was published
for
org.apache.inlong:inlong-manager
(Maven)
Mar 27, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High
CVE-2023-26464
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Mar 10, 2023
MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data
High
CVE-2022-48282
was published
for
MongoDB.Driver
(NuGet)
Feb 21, 2023
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
High
CVE-2023-25194
was published
for
org.apache.kafka:connect
(Maven)
Feb 7, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
High
CVE-2023-0669
was published
for
metasploit-framework
(RubyGems)
Feb 6, 2023
•
withdrawn
Apache Linkis contains Deserialization of Untrusted Data
High
CVE-2022-44645
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
.NET Denial of Service Vulnerability
High
CVE-2023-21538
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jan 10, 2023
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Prevent RCE when deserializing untrusted user input
High
CVE-2022-41922
was published
for
yiisoft/yii
(Composer)
Nov 21, 2022
Deserialization of Untrusted Data in librenms/librenms
High
CVE-2022-3525
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
Apache Linkis subject to Remote Code Execution via deserialization
High
CVE-2022-39944
was published
for
org.apache.linkis:linkis
(Maven)
Oct 26, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data
High
CVE-2022-39297
was published
for
melisplatform/melis-cms
(Composer)
Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data
High
CVE-2022-39298
was published
for
melisplatform/melis-front
(Composer)
Oct 11, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
ProTip!
Advisories are also available from the
GraphQL API