GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
829 advisories
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files...
High | Unreviewed | CVE-2019-9055 was published May 13, 2022

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action...
High | Unreviewed | CVE-2019-9061 was published May 13, 2022

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to...
High | Unreviewed | CVE-2019-9057 was published May 13, 2022

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it...
Critical | Unreviewed | CVE-2017-5878 was published May 13, 2022

The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize...
High | Unreviewed | CVE-2010-3258 was published May 13, 2022

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting...
High | Unreviewed | CVE-2017-1000195 was published May 13, 2022

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS...
High | Unreviewed | CVE-2010-4574 was published May 13, 2022

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com...
Critical | Unreviewed | CVE-2017-14702 was published May 13, 2022

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via...
Critical | Unreviewed | CVE-2016-3415 was published May 13, 2022

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10...
Critical | Unreviewed | CVE-2019-10068 was published May 13, 2022

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0...
High | Unreviewed | CVE-2017-14141 was published May 13, 2022

A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017...
High | Unreviewed | CVE-2018-7529 was published May 13, 2022

Buck parser-cache command loads/saves state using Java serialized object. If the state...
Critical | Unreviewed | CVE-2018-6331 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1904 was published May 13, 2022

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute...
Critical | Unreviewed | CVE-2018-1851 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-1567 was published May 13, 2022

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows...
Critical | Unreviewed | CVE-2018-19276 was published May 13, 2022

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote,...
Critical | Unreviewed | CVE-2018-15616 was published May 13, 2022

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated,...
Critical | Unreviewed | CVE-2018-15381 was published May 13, 2022

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach...
High | Unreviewed | CVE-2018-12539 was published May 13, 2022

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which...
Critical | Unreviewed | CVE-2017-7504 was published May 13, 2022

The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1...
Critical | Unreviewed | CVE-2017-3207 was published May 13, 2022

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version...
High | Unreviewed | CVE-2017-3201 was published May 13, 2022

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-17406 was published May 13, 2022

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3...
Critical | Unreviewed | CVE-2017-11153 was published May 13, 2022