GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
310 advisories
Filter by severity
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
Moderate
CVE-2011-2894
was published
for
org.springframework.security:spring-security-core
(Maven)
May 14, 2022
Potential remote code execution in Apache Tomcat
High
CVE-2020-9484
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 21, 2020
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
Deserialization of Untrusted Data in Spring Security
High
CVE-2017-4995
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Code execution via deserialization in org.apache.ignite:ignite-core
Critical
CVE-2018-8018
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in Apache Batik
Critical
CVE-2018-8013
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Pippo
Critical
CVE-2018-18628
was published
for
ro.pippo:pippo-core
(Maven)
Oct 24, 2018
Jenkins CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2015-8103
was published
for
org.jenkins-ci.main:cli
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Moderate
CVE-2017-1000355
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Deserialization of Untrusted Data
High
CVE-2018-12023
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
jackson-databind Deserialization of Untrusted Data vulnerability
High
CVE-2018-12022
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 25, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Critical
CVE-2017-17485
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
Whaleal IceFrog is vulnerable to deserialization
Moderate
CVE-2023-3308
was published
for
com.whaleal.icefrog:icefrog-all
(Maven)
Jun 18, 2023
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
High
CVE-2020-10721
was published
for
io.fabric8:fabric8-maven-plugin
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Apache OpenJPA
High
CVE-2013-1768
was published
for
org.apache.openjpa:openjpa
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Critical
CVE-2017-20189
was published
for
org.clojure:clojure
(Maven)
Jan 22, 2024
Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin
High
CVE-2018-1000058
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Bouncy castle
Critical
CVE-2018-1000613
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
Oct 17, 2018
Remote Command Execution in SOFARPC
Critical
CVE-2024-23636
was published
for
com.alipay.sofa:rpc-sofa-boot-starter
(Maven)
Jan 23, 2024
ProTip!
Advisories are also available from the
GraphQL API