Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
Deserialization of Untrusted Data in Magnolia CMS High
CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Deserialization of untrusted data in Apache Cayenne High
CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) Feb 12, 2022
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
Deserialization of Untrusted Data in Spring Security High
CVE-2017-4995 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
sunSUNQ
Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain High
CVE-2016-4978 was published for org.apache.activemq:artemis-pom (Maven) May 13, 2022
Apache Tapestry Unsafe Object Storage High
CVE-2014-1972 was published for org.apache.tapestry:tapestry-core (Maven) May 13, 2022
GraniteDS Insecure Deserialization High
CVE-2017-3199 was published for org.graniteds:granite-core (Maven) May 13, 2022
GraniteDS Insecure Deserialization High
CVE-2017-3200 was published for org.graniteds:granite-server-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Infinispan High
CVE-2018-1131 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider High
CVE-2018-1051 was published for org.jboss.resteasy:resteasy-yaml-provider (Maven) May 13, 2022
Deserialization of Untrusted Data in Spring-flex High
CVE-2017-3203 was published for org.springframework.flex:spring-flex (Maven) May 13, 2022
Deserialization of Untrusted Data in Jenkins High
CVE-2017-2608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Infinispan High
CVE-2017-15089 was published for org.infinispan:infinispan-core (Maven) May 14, 2022
tdunlap607
RubyGems Deserialization of Untrusted Data vulnerability High
CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Apache NiFi JMS Deserialization issue High
CVE-2018-1310 was published for org.apache.nifi:nifi (Maven) May 14, 2022
Deserialization of Untrusted Data in Apache OpenJPA High
CVE-2013-1768 was published for org.apache.openjpa:openjpa (Maven) May 14, 2022
MarkLee131
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin High
CVE-2018-1000058 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) May 14, 2022
Apache James Privilege Escalation High
CVE-2017-12628 was published for org.apache.james:james-project (Maven) May 17, 2022
Deserialization of Untrusted Data in Apache Brooklyn High
CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
Restlet Arbitrary Java Code Execution via a serialized object High
CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
Deserialization of Untrusted Data in Apache Tomcat High
CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Deserialization of Untrusted Data in Hazelcast High
CVE-2016-10750 was published for com.hazelcast:hazelcast (Maven) May 24, 2022
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API