Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

242 advisories

Loading
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured High
CVE-2023-34040 was published for org.springframework.kafka:spring-kafka (Maven) Aug 24, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability High
CVE-2023-28754 was published for org.apache.shardingsphere:shardingsphere (Maven) Jul 19, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability High
CVE-2023-24621 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
Nacos Spring vulnerable to Unsafe Deserialization High
CVE-2023-39106 was published for com.alibaba.nacos:nacos-spring-context (Maven) Aug 21, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven) Oct 19, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2023-31058 was published for org.apache.inlong:manager-common (Maven) Jul 6, 2023
Pickle serialization vulnerable to Deserialization of Untrusted Data High
CVE-2023-23930 was published for vantage6 (pip) Oct 13, 2023
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
yiisoft/yii deserializing untrusted user input can lead to remote code execution High
CVE-2023-47130 was published for yiisoft/yii (Composer) Nov 14, 2023
ma4ter222
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability High
CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) Nov 8, 2023
Serialization gadget exploit in jackson-databind High
CVE-2020-35728 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Deserialization of untrusted data in FasterXML jackson-databind High
CVE-2019-14439 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
timtebeek
Insecure serialization leading to RCE in serialize-javascript High
CVE-2020-7660 was published for serialize-javascript (npm) Aug 11, 2020
logback serialization vulnerability High
CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) Nov 29, 2023
jakehall-gocity bvahdat
mpenttila liaodaniel peppers-joseph
RCE vulnerability in Jenkins AWS SAM Plugin High
CVE-2020-2180 was published for io.jenkins.plugins:aws-sam (Maven) May 24, 2022
NotMyFault
RCE vulnerability in SCM Filter Jervis Plugin High
CVE-2020-2189 was published for io.jenkins.plugins:scm-filter-jervis (Maven) May 24, 2022
NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2021-21677 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Bypass serialize checks in Apache Dubbo High
CVE-2023-29234 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods High
CVE-2014-0003 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache IoTDB: Unsafe deserialize map in Sync Tool High
CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) Dec 21, 2023
RCE vulnerability in Jenkins Yaml Axis Plugin High
CVE-2020-2179 was published for org.jenkins-ci.plugins:yaml-axis (Maven) May 24, 2022
NotMyFault
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data High
CVE-2021-4104 was published for log4j:log4j (Maven) Dec 14, 2021
SebGondron
transformers has a Deserialization of Untrusted Data vulnerability High
CVE-2023-7018 was published for transformers (pip) Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API