GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
155 advisories
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High. CVE-2023-39913 was published for org.apache.uima:uimaj (Maven), Nov 8, 2023

Apache InLong Deserialization of Untrusted Data Vulnerability
High. CVE-2023-31058 was published for org.apache.inlong:manager-common (Maven), Jul 6, 2023

Apache InLong Deserialization of Untrusted Data Vulnerability
High. CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven), Oct 19, 2023

Nacos Spring vulnerable to Unsafe Deserialization
High. CVE-2023-39106 was published for com.alibaba.nacos:nacos-spring-context (Maven), Aug 21, 2023

Esoteric YamlBeans Unsafe Deserialization vulnerability
High. CVE-2023-24621 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven), Aug 25, 2023

Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
High. CVE-2023-28754 was published for org.apache.shardingsphere:shardingsphere (Maven), Jul 19, 2023

Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High. CVE-2023-34040 was published for org.springframework.kafka:spring-kafka (Maven), Aug 24, 2023

JDBC URL bypassing by allowLoadLocalInfileInPath param
High. CVE-2023-34434 was published for org.apache.inlong:manager-pojo (Maven), Jul 25, 2023

Deserialization vulnerability in Helix workflow and REST
High. CVE-2023-38647 was published for org.apache.helix:helix-core (Maven), Jul 26, 2023

Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
High. CVE-2016-4978 was published for org.apache.activemq:artemis-pom (Maven), May 13, 2022

Deserialization of Untrusted Data in Log4j 1.x
High. CVE-2022-23302 was published for log4j:log4j (Maven), Jan 21, 2022

RCE vulnerability in Jenkins OpenShift Pipeline Plugin
High. CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven), May 24, 2022

Apache James Privilege Escalation
High. CVE-2017-12628 was published for org.apache.james:james-project (Maven), May 17, 2022

GraniteDS Insecure Deserialization
High. CVE-2017-3200 was published for org.graniteds:granite-server-core (Maven), May 13, 2022

GraniteDS Insecure Deserialization
High. CVE-2017-3199 was published for org.graniteds:granite-core (Maven), May 13, 2022

Akka Java Serialization vulnerability
High. CVE-2017-1000034 was published for com.typesafe.akka:akka-actor (Maven), Oct 22, 2018

Insecure Java Deserialization in Apache Karaf
High. CVE-2021-41766 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven), Jan 28, 2022

Unsafe Deserialization in jackson-databind
High. CVE-2020-36183 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36180 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36182 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36179 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36181 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36189 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36188 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

Unsafe Deserialization in jackson-databind
High. CVE-2020-36187 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Dec 9, 2021

ProTip! Advisories are also available from the GraphQL API