Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,035
Erlang
29
GitHub Actions
18
Go
1,844
Maven
5,000+
npm
3,580
NuGet
634
pip
3,164
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

309 advisories

Remote Code Execution Vulnerability in Session Storage Critical
CVE-2021-29485 was published for io.ratpack:ratpack-core (Maven) Jul 1, 2021
JLLeitschuh
Deserialization of Untrusted Data in Apache jUDDI Critical
CVE-2021-37578 was published for org.apache.juddi:juddi-core (Maven) Aug 9, 2021
Deserializer tampering in Apache Dubbo Critical
CVE-2021-25641 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Deserialization of Untrusted Data in Apache Camel RabbitMQ High
CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) May 21, 2021
YAML deserialization can run untrusted code Moderate
CVE-2021-39132 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter High
CVE-2021-23441 was published for com.jsoniter:jsoniter (Maven) Sep 20, 2021 withdrawn
Deserialization of Untrusted Data in Neo4j Critical
CVE-2021-34371 was published for org.neo4j:neo4j (Maven) Sep 1, 2021
Hessian protocol configuration vulnerability in Apache Dubbo Critical
CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm Critical
CVE-2021-40865 was published for org.apache.storm:storm (Maven) Oct 27, 2021
Security check skip in Apache Dubbo Critical
CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils Critical
CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) Oct 4, 2021
Hessian Lite for Apache Dubbo deserialization vulnerability Critical
CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) Oct 19, 2022
Apache Camel camel-hessian component vulnerable to Java object deserialization Critical
CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022
Deserialization of Untrusted Data in Apache Dubbo Moderate
CVE-2019-17564 was published for org.apache.dubbo:dubbo-rpc-http-invoker (Maven) May 24, 2022
Deserialization of Untrusted Data in Dubbo Critical
CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) Jan 12, 2022
Potential remote code execution in Apache Tomcat High
CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 19, 2021
Deserialization of Untrusted Data in Magnolia CMS High
CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Deserialization of untrusted data in Apache Cayenne High
CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven) Feb 12, 2022
Apache Linkis contains Deserialization of Untrusted Data High
CVE-2022-44645 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
RubyGems Deserialization of Untrusted Data vulnerability High
CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
ProTip! Advisories are also available from the GraphQL API