GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

310 advisories

Pippo RCE Vulnerability Critical
CVE-2018-18240 was published for ro.pippo:pippo-core (Maven) May 13, 2022
Apache Flex BlazeDS unsafe deserialization Critical
CVE-2017-5641 was published for org.apache.flex.blazeds:flex-messaging-core (Maven) May 13, 2022
GraniteDS Insecure Deserialization High
CVE-2017-3199 was published for org.graniteds:granite-core (Maven) May 13, 2022
GraniteDS Insecure Deserialization High
CVE-2017-3200 was published for org.graniteds:granite-server-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Log4j Critical
CVE-2019-17571 was published for log4j:log4j (Maven) Jan 6, 2020
scothale SebGondron
Apache James Privilege Escalation High
CVE-2017-12628 was published for org.apache.james:james-project (Maven) May 17, 2022
RCE vulnerability in Jenkins OpenShift Pipeline Plugin High
CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022
NotMyFault
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
zbazztian SebGondron
Apache OpenMeetings RCE Critical
CVE-2016-8736 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Apache MyFaces Trinidad Deserialization Vulnerability Critical
CVE-2016-5019 was published for org.apache.myfaces.trinidad:trinidad (Maven) May 13, 2022
Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain High
CVE-2016-4978 was published for org.apache.activemq:artemis-pom (Maven) May 13, 2022
Deserialization of Untrusted Data in Apache commons collections Critical
CVE-2015-7501 was published for commons-collections:commons-collections (Maven) May 13, 2022
wtwhite
Remote code execution in Apache Jackrabbit Critical
CVE-2023-37895 was published for org.apache.jackrabbit:jackrabbit-standalone (Maven) Jul 25, 2023
Deserialization vulnerability in Helix workflow and REST High
CVE-2023-38647 was published for org.apache.helix:helix-core (Maven) Jul 26, 2023
xxl-rpc deserialization vulnerability Critical
CVE-2023-33496 was published for com.xuxueli:xxl-rpc-core (Maven) Jun 7, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param High
CVE-2023-34434 was published for org.apache.inlong:manager-pojo (Maven) Jul 25, 2023
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured High
CVE-2023-34040 was published for org.springframework.kafka:spring-kafka (Maven) Aug 24, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability High
CVE-2023-28754 was published for org.apache.shardingsphere:shardingsphere (Maven) Jul 19, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message Critical
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven) Jul 17, 2023
raboof
glazedlists XML Deserialization vulnerability Critical
CVE-2023-31890 was published for com.glazedlists:glazedlists (Maven) May 16, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability High
CVE-2023-24621 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
Nacos Spring vulnerable to Unsafe Deserialization High
CVE-2023-39106 was published for com.alibaba.nacos:nacos-spring-context (Maven) Aug 21, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven) Oct 19, 2023
Denial of Service in Google Guava Moderate
CVE-2018-10237 was published for com.google.guava:guava (Maven) Jun 15, 2020