GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
242 advisories
Filter by severity
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High
CVE-2023-34040
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Aug 24, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
High
CVE-2023-28754
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Jul 19, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability
High
CVE-2023-24621
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Nacos Spring vulnerable to Unsafe Deserialization
High
CVE-2023-39106
was published
for
com.alibaba.nacos:nacos-spring-context
(Maven)
Aug 21, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-46227
was published
for
org.apache.inlong:manager-common
(Maven)
Oct 19, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-31058
was published
for
org.apache.inlong:manager-common
(Maven)
Jul 6, 2023
Pickle serialization vulnerable to Deserialization of Untrusted Data
High
CVE-2023-23930
was published
for
vantage6
(pip)
Oct 13, 2023
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
yiisoft/yii deserializing untrusted user input can lead to remote code execution
High
CVE-2023-47130
was published
for
yiisoft/yii
(Composer)
Nov 14, 2023
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High
CVE-2023-39913
was published
for
org.apache.uima:uimaj
(Maven)
Nov 8, 2023
Serialization gadget exploit in jackson-databind
High
CVE-2020-35728
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Deserialization of untrusted data in FasterXML jackson-databind
High
CVE-2019-14439
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
Insecure serialization leading to RCE in serialize-javascript
High
CVE-2020-7660
was published
for
serialize-javascript
(npm)
Aug 11, 2020
logback serialization vulnerability
High
CVE-2023-6378
was published
for
ch.qos.logback:logback-classic
(Maven)
Nov 29, 2023
RCE vulnerability in Jenkins AWS SAM Plugin
High
CVE-2020-2180
was published
for
io.jenkins.plugins:aws-sam
(Maven)
May 24, 2022
RCE vulnerability in SCM Filter Jervis Plugin
High
CVE-2020-2189
was published
for
io.jenkins.plugins:scm-filter-jervis
(Maven)
May 24, 2022
Improper handling of REST API XML deserialization errors in Jenkins
High
CVE-2021-21604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
RCE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2021-21677
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
Bypass serialize checks in Apache Dubbo
High
CVE-2023-29234
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
RCE vulnerability in RadarGun Plugin
High
CVE-2020-2123
was published
for
org.jenkins-ci.plugins:radargun
(Maven)
May 24, 2022
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
High
CVE-2014-0003
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache IoTDB: Unsafe deserialize map in Sync Tool
High
CVE-2023-51656
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Dec 21, 2023
RCE vulnerability in Jenkins Yaml Axis Plugin
High
CVE-2020-2179
was published
for
org.jenkins-ci.plugins:yaml-axis
(Maven)
May 24, 2022
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
High
CVE-2021-4104
was published
for
log4j:log4j
(Maven)
Dec 14, 2021
transformers has a Deserialization of Untrusted Data vulnerability
High
CVE-2023-7018
was published
for
transformers
(pip)
Dec 20, 2023
ProTip!
Advisories are also available from the
GraphQL API