GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
Deserialization of Untrusted Data in Neo4j
Critical
CVE-2021-34371
was published
for
org.neo4j:neo4j
(Maven)
Sep 1, 2021
Deserialization of Untrusted Data in Apache jUDDI
Critical
CVE-2021-37578
was published
for
org.apache.juddi:juddi-core
(Maven)
Aug 9, 2021
Remote Code Execution Vulnerability in Session Storage
Critical
CVE-2021-29485
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Remote code execution in Apache Tapestry
Critical
CVE-2021-27850
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Jun 16, 2021
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-5929
was published
for
ch.qos.logback:logback-classic
(Maven)
Jun 7, 2021
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
Code execution in Spring Integration
Critical
CVE-2020-5413
was published
for
org.springframework.integration:spring-integration-core
(Maven)
Aug 5, 2020
Improper Input Validation in jackson-databind
Critical
CVE-2019-17267
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
Insecure Deserialization in Apache XML-RPC
Critical
CVE-2019-17570
was published
for
org.apache.xmlrpc:xmlrpc
(Maven)
Jun 10, 2020
Apache Camel Netty enables Java deserialization by default
Critical
CVE-2020-11973
was published
for
org.apache.camel:camel-netty
(Maven)
May 21, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9547
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9548
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9546
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2020-8840
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2019-20330
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
Deserialization of Untrusted Data in Apache Olingo
Critical
CVE-2019-17556
was published
for
org.apache.olingo:odata-client-proxy
(Maven)
Feb 4, 2020
Deserialization of Untrusted Data in Log4j
Critical
CVE-2019-17571
was published
for
log4j:log4j
(Maven)
Jan 6, 2020
Deserialization of Untrusted Data in Log4j
Critical
CVE-2017-5645
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jan 6, 2020
jackson-databind polymorphic typing issue
Critical
CVE-2019-17531
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 13, 2019
jackson-databind polymorphic typing issue
Critical
CVE-2019-16943
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 13, 2019
Polymorphic Typing in FasterXML jackson-databind
Critical
CVE-2019-16942
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 28, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-16335
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-14540
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Deserialization of Untrusted Data in Apache Storm
Critical
CVE-2018-11779
was published
for
org.apache.storm:storm-kafka
(Maven)
Aug 1, 2019
Deserialization of Untrusted Data in EthereumJ
Critical
CVE-2018-15890
was published
for
org.ethereum:ethereumj-core
(Maven)
Jul 26, 2019
ProTip!
Advisories are also available from the
GraphQL API