Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,035
Erlang
29
GitHub Actions
18
Go
1,844
Maven
5,000+
npm
3,580
NuGet
634
pip
3,164
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

309 advisories

jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14061 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
Deserialization of Untrusted Data in Apache Tomcat High
CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Code execution in Spring Integration Critical
CVE-2020-5413 was published for org.springframework.integration:spring-integration-core (Maven) Aug 5, 2020
Deserialization of Untrusted Data in Apache Tapestry Critical
CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) May 24, 2022
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21351 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21347 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21344 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) Moderate
CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights Moderate
CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21350 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Unsafe Deserialization that can Result in Code Execution High
CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven) Dec 10, 2021
Arbitrary code execution in Apache ServiceComb java-chassis High
CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven) Feb 9, 2022
Deserialization exploitation in Apache Dubbo Critical
CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) Feb 9, 2022
Remote code execution in Apache Tapestry Critical
CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) Jun 16, 2021
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) Feb 10, 2022
"Deserialization errors in MyBatis" High
CVE-2020-26945 was published for org.mybatis:mybatis (Maven) Apr 22, 2021
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache Heron High
CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven) Jan 6, 2022
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2021-30179 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API