GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
310 advisories
Remote Code Execution Vulnerability in Session Storage
Critical • CVE-2021-29485 was published for io.ratpack:ratpack-core (Maven) • Jul 1, 2021
Deserialization of Untrusted Data in Apache jUDDI
Critical • CVE-2021-37578 was published for org.apache.juddi:juddi-core (Maven) • Aug 9, 2021
Deserializer tampering in Apache Dubbo
Critical • CVE-2021-25641 was published for com.alibaba:dubbo (Maven) • Mar 18, 2022
Deserialization of Untrusted Data in Apache Camel RabbitMQ
High • CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) • May 21, 2021
YAML deserialization can run untrusted code
Moderate • CVE-2021-39132 was published for org.rundeck:rundeck-core (Maven) • Sep 1, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter
High • CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) • Sep 20, 2021 • withdrawn
Deserialization of Untrusted Data in Neo4j
Critical • CVE-2021-34371 was published for org.neo4j:neo4j (Maven) • Sep 1, 2021
Hessian protocol configuration vulnerability in Apache Dubbo
Critical • CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) • Sep 8, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm
Critical • CVE-2021-40865 was published for org.apache.storm:storm (Maven) • Oct 27, 2021
Security check skip in Apache Dubbo
Critical • CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) • Sep 10, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Critical • CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) • Oct 4, 2021
Hessian Lite for Apache Dubbo deserialization vulnerability
Critical • CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) • Oct 19, 2022
Apache Camel camel-hessian component vulnerable to Java object deserialization
Critical • CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) • May 14, 2022
Deserialization of Untrusted Data in Apache Dubbo
Moderate • CVE-2019-17564 was published for org.apache.dubbo:dubbo-rpc-http-invoker (Maven) • May 24, 2022
Deserialization of Untrusted Data in Dubbo
Critical • CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) • Jan 12, 2022
Potential remote code execution in Apache Tomcat
High • CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Mar 19, 2021
Deserialization of Untrusted Data in Magnolia CMS
High • CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) • Feb 12, 2022
Deserialization of untrusted data in Apache Cayenne
High • CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) • Feb 12, 2022
Apache Linkis contains Deserialization of Untrusted Data
High • CVE-2022-44645 was published for org.apache.linkis:linkis (Maven) • Jan 31, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Critical • CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) • Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability
Critical • CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) • Jan 31, 2023
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Critical • CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) • May 24, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate • CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) • Mar 22, 2021
RubyGems Deserialization of Untrusted Data vulnerability
High • CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) • May 14, 2022