GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
387 advisories
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a... (High, Unreviewed; CVE-2021-20076 was published May 24, 2022)
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress... (High, Unreviewed; CVE-2020-35939 was published May 24, 2022)
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... (High, Unreviewed; CVE-2020-10657 was published May 24, 2022)
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database... (High, Unreviewed; CVE-2021-29654 was published May 24, 2022)
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... (High, Unreviewed; CVE-2021-25152 was published May 24, 2022)
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... (High, Unreviewed; CVE-2021-25151 was published May 24, 2022)
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such... (High, Unreviewed; CVE-2021-24280 was published May 24, 2022)
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories... (High, Unreviewed; CVE-2021-33898 was published May 24, 2022)
This vulnerability allows local attackers to escalate privileges on affected installations of... (High, Unreviewed; CVE-2021-27240 was published May 24, 2022)
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user... (High, Unreviewed; CVE-2021-24217 was published May 24, 2022)
This vulnerability allows local attackers to escalate privileges on affected installations of... (High, Unreviewed; CVE-2021-27277 was published May 24, 2022)
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can... (High, Unreviewed; CVE-2021-22439 was published May 24, 2022)
A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager... (High, Unreviewed; CVE-2021-29150 was published May 24, 2022)
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution... (High, Unreviewed; CVE-2021-22777 was published May 24, 2022)
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the... (High, Unreviewed; CVE-2021-36766 was published May 24, 2022)
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching... (High, Unreviewed; CVE-2020-2555 was published May 24, 2022)
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation... (High, Unreviewed; CVE-2021-21866 was published May 24, 2022)
An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods... (High, Unreviewed; CVE-2021-21865 was published May 24, 2022)
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager... (High, Unreviewed; CVE-2021-21864 was published May 24, 2022)
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile()... (High, Unreviewed; CVE-2021-21863 was published May 24, 2022)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... (High, Unreviewed; CVE-2022-28684 was published Aug 4, 2022)
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). (High, Unreviewed; CVE-2021-38585 was published May 24, 2022)
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project... (High, Unreviewed; CVE-2021-21868 was published May 24, 2022)
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream... (High, Unreviewed; CVE-2021-21867 was published May 24, 2022)
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment... (High, Unreviewed; CVE-2022-36119 was published Aug 26, 2022)