GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
310 advisories
Filter by severity
Pippo RCE Vulnerability
Critical
CVE-2018-18240
was published
for
ro.pippo:pippo-core
(Maven)
May 13, 2022
Apache Flex BlazeDS unsafe deserialization
Critical
CVE-2017-5641
was published
for
org.apache.flex.blazeds:flex-messaging-core
(Maven)
May 13, 2022
GraniteDS Insecure Deserialization
High
CVE-2017-3199
was published
for
org.graniteds:granite-core
(Maven)
May 13, 2022
GraniteDS Insecure Deserialization
High
CVE-2017-3200
was published
for
org.graniteds:granite-server-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Log4j
Critical
CVE-2019-17571
was published
for
log4j:log4j
(Maven)
Jan 6, 2020
Apache James Privilege Escalation
High
CVE-2017-12628
was published
for
org.apache.james:james-project
(Maven)
May 17, 2022
RCE vulnerability in Jenkins OpenShift Pipeline Plugin
High
CVE-2020-2167
was published
for
com.openshift.jenkins:openshift-pipeline
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Log4j 1.x
High
CVE-2022-23302
was published
for
log4j:log4j
(Maven)
Jan 21, 2022
Deserialization of Untrusted Data in Apache Log4j
Critical
CVE-2022-23307
was published
for
log4j:log4j
(Maven)
Jan 19, 2022
Apache OpenMeetings RCE
Critical
CVE-2016-8736
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 14, 2022
Apache MyFaces Trinidad Deserialization Vulnerability
Critical
CVE-2016-5019
was published
for
org.apache.myfaces.trinidad:trinidad
(Maven)
May 13, 2022
Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
High
CVE-2016-4978
was published
for
org.apache.activemq:artemis-pom
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Apache commons collections
Critical
CVE-2015-7501
was published
for
commons-collections:commons-collections
(Maven)
May 13, 2022
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
Deserialization vulnerability in Helix workflow and REST
High
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
xxl-rpc deserialization vulnerability
Critical
CVE-2023-33496
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Jun 7, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param
High
CVE-2023-34434
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 25, 2023
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High
CVE-2023-34040
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Aug 24, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
High
CVE-2023-28754
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Jul 19, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
glazedlists XML Deserialization vulnerability
Critical
CVE-2023-31890
was published
for
com.glazedlists:glazedlists
(Maven)
May 16, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability
High
CVE-2023-24621
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Nacos Spring vulnerable to Unsafe Deserialization
High
CVE-2023-39106
was published
for
com.alibaba.nacos:nacos-spring-context
(Maven)
Aug 21, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-46227
was published
for
org.apache.inlong:manager-common
(Maven)
Oct 19, 2023
Denial of Service in Google Guava
Moderate
CVE-2018-10237
was published
for
com.google.guava:guava
(Maven)
Jun 15, 2020
ProTip!
Advisories are also available from the
GraphQL API