GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
309 advisories
Apache Geode vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-37021
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-23638
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 8, 2023
Deserialization of Untrusted Data in Infinispan
High
CVE-2017-15089
was published
for
org.infinispan:infinispan-core
(Maven)
May 14, 2022
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods
Critical
CVE-2016-1000027
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2020-8840
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
Insecure Deserialization in Apache Commons Collection
High
CVE-2015-6420
was published
for
commons-collections:commons-collections
(Maven)
Jun 15, 2020
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Critical
CVE-2018-19360
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
Unsafe deserialization in Apache MINA SSHD
Critical
CVE-2022-45047
was published
for
org.apache.sshd:sshd-common
(Maven)
Nov 16, 2022
ProTip!
Advisories are also available from the
GraphQL API