GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
241 advisories
Filter by severity
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11619
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11112
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 10, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11111
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14061
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of Untrusted Data in Apache Tomcat
High
CVE-2013-2185
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Unsafe Deserialization that can Result in Code Execution
High
CVE-2020-36282
was published
for
com.rabbitmq.jms:rabbitmq-jms
(Maven)
Dec 10, 2021
Deserialization of Untrusted Data in PyYAML
High
CVE-2019-20477
was published
for
pyyaml
(pip)
Apr 20, 2021
Arbitrary code execution in Apache ServiceComb java-chassis
High
CVE-2020-17532
was published
for
org.apache.servicecomb:java-chassis
(Maven)
Feb 9, 2022
Deserialization of Untrusted Data in Tendenci
High
CVE-2020-14942
was published
for
tendenci
(pip)
Jun 18, 2021
"Deserialization errors in MyBatis"
High
CVE-2020-26945
was published
for
org.mybatis:mybatis
(Maven)
Apr 22, 2021
Deserialization of Untrusted Data in Apache ShardingSphere
High
CVE-2020-1947
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Feb 10, 2022
Gadget chain attack in Nippy
High
CVE-2020-24164
was published
for
com.taoensso:nippy
(Maven)
Feb 10, 2022
Deserialization of Untrusted Data in Apache Heron
High
CVE-2020-1964
was published
for
org.apache.heron:heron-simulator
(Maven)
Jan 6, 2022
Deserialization of Untrusted Data in Apache Camel RabbitMQ
High
CVE-2020-11972
was published
for
org.apache.camel:camel-rabbitmq
(Maven)
May 21, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter
High
CVE-2021-23441
was published
for
com.jsoniter:jsoniter
(Maven)
Sep 20, 2021
•
withdrawn
Deserialization of Untrusted Data in parlai
High
CVE-2021-39207
was published
for
parlai
(pip)
Sep 13, 2021
Potential remote code execution in Apache Tomcat
High
CVE-2021-25329
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 19, 2021
Prevent RCE when deserializing untrusted user input
High
CVE-2022-41922
was published
for
yiisoft/yii
(Composer)
Nov 21, 2022
Deserialization of Untrusted Data in Magnolia CMS
High
CVE-2021-46364
was published
for
info.magnolia:magnolia-core
(Maven)
Feb 12, 2022
Deserialization of untrusted data in Apache Cayenne
High
CVE-2022-24289
was published
for
org.apache.cayenne:cayenne-server
(Maven)
Feb 12, 2022
Apache Linkis contains Deserialization of Untrusted Data
High
CVE-2022-44645
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
High
CVE-2023-0669
was published
for
metasploit-framework
(RubyGems)
Feb 6, 2023
•
withdrawn
Phar unserialization vulnerability in phpMussel
High
CVE-2020-4043
was published
for
Maikuolan/phpMussel
(Composer)
Jun 10, 2020
ProTip!
Advisories are also available from the
GraphQL API