GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
830 advisories
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows...
High | Unreviewed | CVE-2018-16364 was published May 13, 2022

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5...
Critical | Unreviewed | CVE-2018-15691 was published May 13, 2022

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to...
Moderate | Unreviewed | CVE-2016-10304 was published May 13, 2022

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote...
Critical | Unreviewed | CVE-2014-9515 was published May 13, 2022

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent...
High | Unreviewed | CVE-2016-4483 was published May 13, 2022

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state...
High | Unreviewed | CVE-2018-15686 was published May 13, 2022

An exploitable code execution vulnerability exists in the Levin deserialization functionality of...
Critical | Unreviewed | CVE-2018-3972 was published May 13, 2022

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A...
High | Unreviewed | CVE-2016-9045 was published May 13, 2022

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function...
Critical | Unreviewed | CVE-2022-29363 was published May 13, 2022

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ...
High | Unreviewed | CVE-2022-1463 was published May 11, 2022

The Java Remote Management Interface of all versions of SVI MS Management System was discovered...
Critical | Unreviewed | CVE-2020-23621 was published May 4, 2022

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a...
Critical | Unreviewed | CVE-2020-23620 was published May 4, 2022

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context...
Moderate | Unreviewed | CVE-2007-1701 was published May 1, 2022

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code...
High | Unreviewed | CVE-2022-29936 was published Apr 30, 2022

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to...
High | Unreviewed | CVE-2003-0791 was published Apr 29, 2022

An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
Critical | Unreviewed | CVE-2022-29528 was published Apr 22, 2022

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later...
Critical | Unreviewed | CVE-2022-26133 was published Apr 21, 2022

pearweb < 1.32 suffers from Deserialization of Untrusted Data.
Critical | Unreviewed | CVE-2022-27158 was published Apr 16, 2022

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360...
High | Unreviewed | CVE-2021-21956 was published Apr 15, 2022

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker...
High | Unreviewed | CVE-2019-6834 was published Apr 14, 2022

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code...
High | Unreviewed | CVE-2022-22957 was published Apr 14, 2022

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1...
Critical | Unreviewed | CVE-2022-23450 was published Apr 13, 2022

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an...
High | Unreviewed | CVE-2022-20763 was published Apr 7, 2022

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an...
Critical | Unreviewed | CVE-2021-33207 was published Apr 6, 2022

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this...
Critical | Unreviewed | CVE-2020-19229 was published Apr 6, 2022
ProTip! Advisories are also available from the GraphQL API.