GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
310 advisories
Filter by severity
YAML deserialization can run untrusted code
Moderate
CVE-2021-39132
was published
for
org.rundeck:rundeck-core
(Maven)
Sep 1, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39139
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream can cause a Denial of Service
Moderate
CVE-2021-39140
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39145
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39146
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39147
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39153
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Apache jUDDI
Critical
CVE-2021-37578
was published
for
org.apache.juddi:juddi-core
(Maven)
Aug 9, 2021
Remote Code Execution Vulnerability in Session Storage
Critical
CVE-2021-29485
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Remote code execution in Apache Tapestry
Critical
CVE-2021-27850
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Jun 16, 2021
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-5929
was published
for
ch.qos.logback:logback-classic
(Maven)
Jun 7, 2021
Deserialization of Untrusted Data in Apache Camel RabbitMQ
High
CVE-2020-11972
was published
for
org.apache.camel:camel-rabbitmq
(Maven)
May 21, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
"Deserialization errors in MyBatis"
High
CVE-2020-26945
was published
for
org.mybatis:mybatis
(Maven)
Apr 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21351
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21350
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
ProTip!
Advisories are also available from the
GraphQL API