GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

205 advisories

Improper Input Validation in jackson-databind Critical
CVE-2019-17267 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14719 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
jackson-databind polymorphic typing issue Critical
CVE-2019-16943 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 13, 2019
jackson-databind polymorphic typing issue Critical
CVE-2019-17531 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 13, 2019
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9547 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36564 was published for topthink/framework (Composer) Dec 10, 2021
Mulesoft Mule Unsafe Deserialization Critical
CVE-2019-13116 was published for org.mule.runtime:mule (Maven) May 24, 2022
Joomla! Object Injection Vulnerability Critical
CVE-2019-7743 was published for joomla/joomla-cms (Composer) May 13, 2022
Laravel Framework Deserialization Vulnerability Critical
CVE-2019-9081 was published for laravel/framework (Composer) May 14, 2022
Pippo RCE Vulnerability Critical
CVE-2018-18240 was published for ro.pippo:pippo-core (Maven) May 13, 2022
Apache Flex BlazeDS unsafe deserialization Critical
CVE-2017-5641 was published for org.apache.flex.blazeds:flex-messaging-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Log4j Critical
CVE-2019-17571 was published for log4j:log4j (Maven) Jan 6, 2020
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
Apache OpenMeetings RCE Critical
CVE-2016-8736 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Apache MyFaces Trinidad Deserialization Vulnerability Critical
CVE-2016-5019 was published for org.apache.myfaces.trinidad:trinidad (Maven) May 13, 2022
Deserialization of Untrusted Data in Apache commons collections Critical
CVE-2015-7501 was published for commons-collections:commons-collections (Maven) May 13, 2022
Active Record contains deserialization of arbitrary YAML Critical
CVE-2013-0277 was published for activerecord (RubyGems) Oct 24, 2017
Remote code execution in Apache Jackrabbit Critical
CVE-2023-37895 was published for org.apache.jackrabbit:jackrabbit-standalone (Maven) Jul 25, 2023
xxl-rpc deserialization vulnerability Critical
CVE-2023-33496 was published for com.xuxueli:xxl-rpc-core (Maven) Jun 7, 2023
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message Critical
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven) Jul 17, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
glazedlists XML Deserialization vulnerability Critical
CVE-2023-31890 was published for com.glazedlists:glazedlists (Maven) May 16, 2023
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023