Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

829 advisories

Loading
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files... High Unreviewed
CVE-2019-9055 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action... High Unreviewed
CVE-2019-9061 was published May 13, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to... High Unreviewed
CVE-2019-9057 was published May 13, 2022
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it... Critical Unreviewed
CVE-2017-5878 was published May 13, 2022
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize... High Unreviewed
CVE-2010-3258 was published May 13, 2022
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting... High Unreviewed
CVE-2017-1000195 was published May 13, 2022
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS... High Unreviewed
CVE-2010-4574 was published May 13, 2022
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com... Critical Unreviewed
CVE-2017-14702 was published May 13, 2022
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via... Critical Unreviewed
CVE-2016-3415 was published May 13, 2022
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10... Critical Unreviewed
CVE-2019-10068 was published May 13, 2022
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0... High Unreviewed
CVE-2017-14141 was published May 13, 2022
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017... High Unreviewed
CVE-2018-7529 was published May 13, 2022
Buck parser-cache command loads/saves state using Java serialized object. If the state... Critical Unreviewed
CVE-2018-6331 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute... Critical Unreviewed
CVE-2018-1904 was published May 13, 2022
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute... Critical Unreviewed
CVE-2018-1851 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute... Critical Unreviewed
CVE-2018-1567 was published May 13, 2022
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows... Critical Unreviewed
CVE-2018-19276 was published May 13, 2022
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote,... Critical Unreviewed
CVE-2018-15616 was published May 13, 2022
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated,... Critical Unreviewed
CVE-2018-15381 was published May 13, 2022
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach... High Unreviewed
CVE-2018-12539 was published May 13, 2022
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which... Critical Unreviewed
CVE-2017-7504 was published May 13, 2022
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1... Critical Unreviewed
CVE-2017-3207 was published May 13, 2022
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version... High Unreviewed
CVE-2017-3201 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-17406 was published May 13, 2022
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3... Critical Unreviewed
CVE-2017-11153 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API