GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
242 advisories
Filter by severity
Unsafe deserialization in com.alibaba:fastjson
High
CVE-2022-25845
was published
for
com.alibaba:fastjson
(Maven)
Jun 11, 2022
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
High
CVE-2024-34072
was published
for
sagemaker
(pip)
May 3, 2024
TYPO3 Insecure Deserialization in Query Generator & Query View
High
CVE-2019-19849
was published
for
typo3/cms
(Composer)
May 24, 2022
Froxlor PHP Object Injection vulnerability
High
CVE-2018-1000527
was published
for
froxlor/froxlor
(Composer)
May 13, 2022
phpBB Remote Code Execution
High
CVE-2018-19274
was published
for
phpbb/phpbb
(Composer)
May 13, 2022
Pimcore Unserialize Remote Code Execution
High
CVE-2019-10867
was published
for
pimcore/pimcore
(Composer)
May 13, 2022
Drupal Core Remote Code Execution Vulnerability
High
CVE-2019-6340
was published
for
drupal/core
(Composer)
May 13, 2022
Deserialization vulnerability exists in parso
High
CVE-2019-12760
was published
for
parso
(pip)
Jun 13, 2019
•
withdrawn
timber/timber vulnerable to Deserialization of Untrusted Data
High
CVE-2024-29800
was published
for
timber/timber
(Composer)
Apr 12, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Information exposure in FasterXML jackson-databind
High
CVE-2019-12086
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 23, 2019
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11113
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-11620
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14060
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14195
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35490
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Deserialization of untrusted data in jackson-databind
High
CVE-2021-20190
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 20, 2021
Potential remote code execution in Apache Tomcat
High
CVE-2020-9484
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 21, 2020
Deserialization of Untrusted Data in Spring Security
High
CVE-2017-4995
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Deserialization of Untrusted Data
High
CVE-2018-12023
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
jackson-databind Deserialization of Untrusted Data vulnerability
High
CVE-2018-12022
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 25, 2019
ProTip!
Advisories are also available from the
GraphQL API