GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
205 advisories
Filter by severity
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
Snappy PHAR deserialization vulnerability
Critical
CVE-2023-41330
was published
for
knplabs/knp-snappy
(Composer)
Sep 8, 2023
Consensys gnark-crypto allows Signature Malleability
Critical
CVE-2023-44273
was published
for
github.com/Consensys/gnark-crypto
(Go)
Sep 28, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution
Critical
CVE-2023-46604
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 27, 2023
transmute-core unsafe YAML deserialization vulnerability
Critical
CVE-2023-47204
was published
for
transmute-core
(pip)
Nov 2, 2023
PyArrow: Arbitrary code execution when loading a malicious data file
Critical
CVE-2023-47248
was published
for
pyarrow
(pip)
Nov 9, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Critical
GHSA-x563-6hqv-26mr
was published
for
ibis-framework
(pip)
Nov 17, 2023
Deserialization of Untrusted Data in apache-submarine
Critical
CVE-2023-46302
was published
for
apache-submarine
(pip)
Nov 20, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Critical
CVE-2023-48887
was published
for
org.jupiter-rpc:jupiter-rpc
(Maven)
Dec 2, 2023
Solon is vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-48967
was published
for
org.noear:solon
(Maven)
Dec 4, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Critical
CVE-2023-46279
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
transformers has a Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-6730
was published
for
transformers
(pip)
Dec 19, 2023
Unsafe yaml deserialization in llama-hub
Critical
CVE-2024-23730
was published
for
llama-hub
(pip)
Jan 21, 2024
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Critical
CVE-2017-20189
was published
for
org.clojure:clojure
(Maven)
Jan 22, 2024
Remote Command Execution in SOFARPC
Critical
CVE-2024-23636
was published
for
com.alipay.sofa:rpc-sofa-boot-starter
(Maven)
Jan 23, 2024
Deserialization of untrusted data in synthcity
Critical
CVE-2024-0937
was published
for
synthcity
(pip)
Jan 26, 2024
Deserialization of Untrusted Data in Torrentpier
Critical
CVE-2024-1651
was published
for
torrentpier/torrentpier
(Composer)
Feb 20, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical
GHSA-97m3-52wr-xvv2
was published
for
phenx/php-svg-lib
(Composer)
Feb 22, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Critical
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
nGrinder vulnerable to unsafe Java objects deserialization
Critical
CVE-2024-28213
was published
for
org.ngrinder:ngrinder-core
(Maven)
Mar 7, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
ProTip!
Advisories are also available from the
GraphQL API