Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

242 advisories

Loading
transformers has a Deserialization of Untrusted Data vulnerability High
CVE-2023-7018 was published for transformers (pip) Dec 20, 2023
Apache IoTDB: Unsafe deserialize map in Sync Tool High
CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) Dec 21, 2023
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Apache Airflow: pickle deserialization vulnerability in XComs High
CVE-2023-50943 was published for apache-airflow (pip) Jan 24, 2024
Allegro AI ClearML vulnerable to deserialization of untrusted data High
CVE-2024-24590 was published for clearml (pip) Feb 6, 2024
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr dennisenderink
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
image-optimizer allows PHAR deserialization High
CVE-2024-34515 was published for spatie/image-optimizer (Composer) May 5, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability High
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
Laravel Cookie serialization vulnerability High
GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) May 15, 2024
Laravel Cookie serialization vulnerability High
GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) May 15, 2024
TYPO3 CMS Insecure Deserialization High
GHSA-96jg-pmc4-cx39 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
MLFlow unsafe deserialization High
CVE-2024-37054 was published for mlflow (pip) Jun 4, 2024
litios
MLFlow unsafe deserialization High
CVE-2024-37055 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37052 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37053 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37056 was published for mlflow (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37062 was published for ydata-profiling (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37064 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37058 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37060 was published for mlflow (pip) Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API