Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

830 advisories

Loading
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows... High Unreviewed
CVE-2018-16364 was published May 13, 2022
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5... Critical Unreviewed
CVE-2018-15691 was published May 13, 2022
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2016-10304 was published May 13, 2022
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote... Critical Unreviewed
CVE-2014-9515 was published May 13, 2022
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent... High Unreviewed
CVE-2016-4483 was published May 13, 2022
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state... High Unreviewed
CVE-2018-15686 was published May 13, 2022
An exploitable code execution vulnerability exists in the Levin deserialization functionality of... Critical Unreviewed
CVE-2018-3972 was published May 13, 2022
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A... High Unreviewed
CVE-2016-9045 was published May 13, 2022
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed
CVE-2022-29363 was published May 13, 2022
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ... High Unreviewed
CVE-2022-1463 was published May 11, 2022
The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed
CVE-2020-23621 was published May 4, 2022
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a... Critical Unreviewed
CVE-2020-23620 was published May 4, 2022
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context... Moderate Unreviewed
CVE-2007-1701 was published May 1, 2022
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code... High Unreviewed
CVE-2022-29936 was published Apr 30, 2022
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to... High Unreviewed
CVE-2003-0791 was published Apr 29, 2022
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. Critical Unreviewed
CVE-2022-29528 was published Apr 22, 2022
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later... Critical Unreviewed
CVE-2022-26133 was published Apr 21, 2022
pearweb < 1.32 suffers from Deserialization of Untrusted Data. Critical Unreviewed
CVE-2022-27158 was published Apr 16, 2022
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360... High Unreviewed
CVE-2021-21956 was published Apr 15, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker... High Unreviewed
CVE-2019-6834 was published Apr 14, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code... High Unreviewed
CVE-2022-22957 was published Apr 14, 2022
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... Critical Unreviewed
CVE-2022-23450 was published Apr 13, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an... High Unreviewed
CVE-2022-20763 was published Apr 7, 2022
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an... Critical Unreviewed
CVE-2021-33207 was published Apr 6, 2022
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this... Critical Unreviewed
CVE-2020-19229 was published Apr 6, 2022
ProTip! Advisories are also available from the GraphQL API