GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Code Injection in jackson-databind
High
CVE-2020-24616
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35490
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadget exploit in jackson-databind
High
CVE-2020-35728
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-24750
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36182
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36179
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36185
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36181
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36180
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36184
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36183
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36188
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36187
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36189
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization that can Result in Code Execution
High
CVE-2020-36282
was published
for
com.rabbitmq.jms:rabbitmq-jms
(Maven)
Dec 10, 2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
High
CVE-2021-4104
was published
for
log4j:log4j
(Maven)
Dec 14, 2021
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
High
GHSA-3w6p-8f82-gw8r
was published
for
ru.yandex.clickhouse:clickhouse-jdbc-bridge
(Maven)
Dec 17, 2021
Deserialization of Untrusted Data in Apache Heron
High
CVE-2020-1964
was published
for
org.apache.heron:heron-simulator
(Maven)
Jan 6, 2022
Deserialization of Untrusted Data in Log4j 1.x
High
CVE-2022-23302
was published
for
log4j:log4j
(Maven)
Jan 21, 2022
Insecure Java Deserialization in Apache Karaf
High
CVE-2021-41766
was published
for
org.apache.karaf.management:org.apache.karaf.management.server
(Maven)
Jan 28, 2022
Denial of Service by injecting highly recursive collections or maps in XStream
High
CVE-2021-43859
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Feb 1, 2022
Arbitrary code execution in Apache ServiceComb java-chassis
High
CVE-2020-17532
was published
for
org.apache.servicecomb:java-chassis
(Maven)
Feb 9, 2022
Deserialization of Untrusted Data in Apache ShardingSphere
High
CVE-2020-1947
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Feb 10, 2022
Gadget chain attack in Nippy
High
CVE-2020-24164
was published
for
com.taoensso:nippy
(Maven)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API