Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

205 advisories

Loading
Consensys gnark-crypto allows Signature Malleability Critical
CVE-2023-44273 was published for github.com/Consensys/gnark-crypto (Go) Sep 28, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses Critical
CVE-2023-36480 was published for com.aerospike:aerospike-client (Maven) Aug 3, 2023
Authorization Bypass in Apache InLong Critical
CVE-2023-43668 was published for org.apache.inlong:manager-pojo (Maven) Oct 16, 2023
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 16, 2021
transmute-core unsafe YAML deserialization vulnerability Critical
CVE-2023-47204 was published for transmute-core (pip) Nov 2, 2023
josefkorbel r3kumar
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file Critical
GHSA-x563-6hqv-26mr was published for ibis-framework (pip) Nov 17, 2023
pitrou
Deserialization of Untrusted Data in Jodd Critical
CVE-2018-21234 was published for org.jodd:jodd-json (Maven) Feb 10, 2022
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio
Deserialization of Untrusted Data in bson Critical
CVE-2020-7610 was published for bson (npm) May 7, 2021
PyArrow: Arbitrary code execution when loading a malicious data file Critical
CVE-2023-47248 was published for pyarrow (pip) Nov 9, 2023
pitrou r3kumar
Code Execution Through IIFE in serialize-to-js Critical
CVE-2017-5954 was published for serialize-to-js (npm) Jul 18, 2018
tdunlap607
Deserialization of Untrusted Data in apache-submarine Critical
CVE-2023-46302 was published for apache-submarine (pip) Nov 20, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request Critical
CVE-2023-48887 was published for org.jupiter-rpc:jupiter-rpc (Maven) Dec 2, 2023
Solon is vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-48967 was published for org.noear:solon (Maven) Dec 4, 2023
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation Critical
CVE-2017-12634 was published for org.apache.camel:camel-castor (Maven) Oct 16, 2018
sunSUNQ
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Critical
CVE-2023-46279 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization Critical
CVE-2017-3159 was published for org.apache.camel:camel-snakeyaml (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks Critical
CVE-2016-8749 was published for org.apache.camel:camel-jackson (Maven) Oct 16, 2018
sunSUNQ
Deserialization of Untrusted Data in Jenkins Critical
CVE-2018-1000861 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer Critical
CVE-2017-3202 was published for com.exadel.flamingo.flex:amf-serializer (Maven) May 13, 2022
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
Insecure Deserialization in Apache XML-RPC Critical
CVE-2019-17570 was published for org.apache.xmlrpc:xmlrpc (Maven) Jun 10, 2020
Remote Command Execution in SOFARPC Critical
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024
yemoli
ProTip! Advisories are also available from the GraphQL API