GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
830 advisories
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
Critical | Unreviewed | CVE-2021-32075 was published May 24, 2022
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted...
Critical | Unreviewed | CVE-2021-21524 was published May 24, 2022
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message...
Critical | Unreviewed | CVE-2021-25274 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary...
Moderate | Unreviewed | CVE-2021-3035 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management...
High | Unreviewed | CVE-2021-25151 was published May 24, 2022
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to...
Critical | Unreviewed | CVE-2020-9493 was published May 24, 2022
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Critical | Unreviewed | CVE-2021-32098 was published May 24, 2022
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such...
High | Unreviewed | CVE-2021-24280 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2021-31474 was published May 24, 2022
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute...
Critical | Unreviewed | CVE-2020-29045 was published May 24, 2022
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it...
Critical | Unreviewed | CVE-2021-33806 was published May 24, 2022
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories...
High | Unreviewed | CVE-2021-33898 was published May 24, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of...
High | Unreviewed | CVE-2021-27240 was published May 24, 2022
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though...
Moderate | Unreviewed | CVE-2021-34393 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and...
Moderate | Unreviewed | CVE-2021-1415 was published May 24, 2022
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user...
High | Unreviewed | CVE-2021-24217 was published May 24, 2022
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a...
Critical | Unreviewed | CVE-2021-3287 was published May 24, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of...
High | Unreviewed | CVE-2021-27277 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary...
Moderate | Unreviewed | CVE-2021-3040 was published May 24, 2022
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with...
Moderate | Unreviewed | CVE-2021-34394 was published May 24, 2022
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can...
High | Unreviewed | CVE-2021-22439 was published May 24, 2022
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507...
Critical | Unreviewed | CVE-2021-35971 was published May 24, 2022
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for...
Critical | Unreviewed | CVE-2021-24384 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager...
High | Unreviewed | CVE-2021-29150 was published May 24, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution...
High | Unreviewed | CVE-2021-22777 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API