GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
Deserialization of Untrusted Data in Jython
Critical
CVE-2016-4000
was published
for
org.python:jython
(Maven)
May 13, 2022
Jenkins CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2015-8103
was published
for
org.jenkins-ci.main:cli
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer
Critical
CVE-2017-3202
was published
for
com.exadel.flamingo.flex:amf-serializer
(Maven)
May 13, 2022
Apache Camel camel-hessian component vulnerable to Java object deserialization
Critical
CVE-2017-12633
was published
for
org.apache.camel:camel-hessian
(Maven)
May 14, 2022
Apache OpenMeetings RCE
Critical
CVE-2016-8736
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data
Critical
CVE-2016-5003
was published
for
org.apache.xmlrpc:xmlrpc
(Maven)
May 14, 2022
Apache Geode unsafe deserialization in TcpServer
Critical
CVE-2017-15692
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Spring AMQP
Critical
CVE-2017-8045
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 17, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Critical
CVE-2019-10202
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
May 24, 2022
Mulesoft Mule Unsafe Deserialization
Critical
CVE-2019-13116
was published
for
org.mule.runtime:mule
(Maven)
May 24, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods
Critical
CVE-2016-1000027
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Deserialization of Untrusted Data in JYaml
Critical
CVE-2020-8441
was published
for
org.jyaml:jyaml
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal.kernel
(Maven)
May 24, 2022
JFinal Java Deserialization Vulnerability
Critical
CVE-2021-31649
was published
for
com.jfinal:jfinal
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Apache Tapestry
Critical
CVE-2019-0195
was published
for
org.apache.tapestry:tapestry-core
(Maven)
May 24, 2022
Apache Geode vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-37021
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
Critical
CVE-2022-36944
was published
for
org.scala-lang:scala-library
(Maven)
Sep 25, 2022
MySQL JDBC deserialization vulnerability
Critical
CVE-2022-39312
was published
for
io.dataease:dataease-plugin-common
(Maven)
Oct 18, 2022
Hessian Lite for Apache Dubbo deserialization vulnerability
Critical
CVE-2022-39198
was published
for
com.alibaba:hessian-lite
(Maven)
Oct 19, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Unsafe deserialization in Apache MINA SSHD
Critical
CVE-2022-45047
was published
for
org.apache.sshd:sshd-common
(Maven)
Nov 16, 2022
Apache Tapestry allows deserialization of untrusted data
Critical
CVE-2022-46366
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Dec 2, 2022
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
ProTip!
Advisories are also available from the
GraphQL API