GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
155 advisories
Unsafe Deserialization in jackson-databind
Severity: High. CVE-2020-36186 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Nov 19, 2021
Unsafe Deserialization in jackson-databind
Severity: High. CVE-2020-36184 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Dec 9, 2021
Unsafe Deserialization in jackson-databind
Severity: High. CVE-2020-36185 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Dec 9, 2021
Unsafe Deserialization in jackson-databind
Severity: High. CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Dec 9, 2021
Code Injection in jackson-databind
Severity: High. CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Dec 9, 2021
Polymorphic deserialization of malicious object in jackson-databind
Severity: High. CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on May 15, 2020
Restlet Arbitrary Java Code Execution via a serialized object
Severity: High. CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) on May 17, 2022
Wildfly Unsafe Deserialization Vulnerability
Severity: High. CVE-2020-10740 was published for org.wildfly:wildfly-parent (Maven) on May 24, 2022
OpenNMS Horizon RCE via Unsafe Deserialization
Severity: High. CVE-2020-12760 was published for org.opennms.core:org.opennms.core.daemon (Maven) on May 24, 2022
jackson-databind before 2.9.10.4 vulnerable to unsafe deserialization
Severity: High. CVE-2020-10650 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Jul 15, 2022
Apache Tapestry Unsafe Object Storage
Severity: High. CVE-2014-1972 was published for org.apache.tapestry:tapestry-core (Maven) on May 13, 2022
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
Severity: High. CVE-2023-25194 was published for org.apache.kafka:connect (Maven) on Feb 7, 2023
XStream can cause Denial of Service via stack overflow
Severity: High. CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) on Dec 29, 2022
XStream is vulnerable to a Remote Command Execution attack
Severity: High. CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) on Aug 25, 2021
Insecure Deserialization in Apache Commons Collection
Severity: High. CVE-2015-6420 was published for commons-collections:commons-collections (Maven) on Jun 15, 2020
Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data
Severity: High. CVE-2020-15777 was published for com.gradle:gradle-enterprise-maven-extension (Maven) on May 24, 2022
Deserialization of Untrusted Data in Infinispan
Severity: High. CVE-2017-15089 was published for org.infinispan:infinispan-core (Maven) on May 14, 2022
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
Severity: High. CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) on Mar 10, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
Severity: High. CVE-2023-27296 was published for org.apache.inlong:inlong-manager (Maven) on Mar 27, 2023
RubyGems Deserialization of Untrusted Data vulnerability
Severity: High. CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) on May 14, 2022
Apache Linkis contains Deserialization of Untrusted Data
Severity: High. CVE-2022-44645 was published for org.apache.linkis:linkis (Maven) on Jan 31, 2023
Deserialization of untrusted data in Apache Cayenne
Severity: High. CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) on Feb 12, 2022
Deserialization of Untrusted Data in Magnolia CMS
Severity: High. CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) on Feb 12, 2022
Potential remote code execution in Apache Tomcat
Severity: High. CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Mar 19, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter
Severity: High. CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) on Sep 20, 2021 (withdrawn)
ProTip! Advisories are also available from the GraphQL API