GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
155 advisories
Deserialization of Untrusted Data in Apache Camel RabbitMQ
High severity: CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven), May 21, 2021

Deserialization of Untrusted Data in Apache Heron
High severity: CVE-2020-1964 was published for org.apache.heron:heron-simulator (Maven), Jan 6, 2022

Gadget chain attack in Nippy
High severity: CVE-2020-24164 was published for com.taoensso:nippy (Maven), Feb 10, 2022

Deserialization of Untrusted Data in Apache ShardingSphere
High severity: CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven), Feb 10, 2022

"Deserialization errors in MyBatis"
High severity: CVE-2020-26945 was published for org.mybatis:mybatis (Maven), Apr 22, 2021

Arbitrary code execution in Apache ServiceComb java-chassis
High severity: CVE-2020-17532 was published for org.apache.servicecomb:java-chassis (Maven), Feb 9, 2022

Unsafe Deserialization that can Result in Code Execution
High severity: CVE-2020-36282 was published for com.rabbitmq.jms:rabbitmq-jms (Maven), Dec 10, 2021

XStream can cause a Denial of Service.
High severity: CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven), Mar 22, 2021

Deserialization of Untrusted Data in Apache Tomcat
High severity: CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven), May 17, 2022

Deserialization of untrusted data in Jackson Databind
High severity: CVE-2020-14061 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jun 18, 2020

jackson-databind mishandles the interaction between serialization gadgets and typing
High severity: CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven), May 15, 2020

jackson-databind mishandles the interaction between serialization gadgets and typing
High severity: CVE-2020-11112 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jun 10, 2020

jackson-databind mishandles the interaction between serialization gadgets and typing
High severity: CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven), May 15, 2020

Polymorphic deserialization of malicious object in jackson-databind
High severity: CVE-2019-14893 was published for com.fasterxml.jackson.core:jackson-databind (Maven), May 15, 2020

Apache InLong vulnerable to Deserialization of Untrusted Data
High severity: CVE-2022-40955 was published for org.apache.inlong:inlong-common (Maven), Sep 21, 2022

RCE vulnerability in Jenkins DotCi Plugin
High severity: CVE-2022-41237 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven), Sep 22, 2022

RCE vulnerability in Jenkins Azure Container Service Plugin
High severity: CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven), May 24, 2022

RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
High severity: CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven), May 24, 2022

RCE vulnerability in Google Kubernetes Engine Plugin
High severity: CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven), May 24, 2022

Apache Linkis subject to Remote Code Execution via deserialization
High severity: CVE-2022-39944 was published for org.apache.linkis:linkis (Maven), Oct 26, 2022

Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider
High severity: CVE-2018-1051 was published for org.jboss.resteasy:resteasy-yaml-provider (Maven), May 13, 2022

Apache NiFi JMS Deserialization issue
High severity: CVE-2018-1310 was published for org.apache.nifi:nifi (Maven), May 14, 2022

Deserialization of Untrusted Data in Apache Brooklyn
High severity: CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven), May 17, 2022

Apache Geode unsafe deserialization of application objects
High severity: CVE-2017-15693 was published for org.apache.geode:geode-core (Maven), May 14, 2022

Deserialization of Untrusted Data in Gson
High severity: CVE-2022-25647 was published for com.google.code.gson:gson (Maven), May 3, 2022

ProTip! Advisories are also available from the GraphQL API