Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
RDoc RCE vulnerability with .rdoc_options Moderate
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder Moderate
CVE-2024-28861 was published for friendsofsymfony1/symfony1 (Composer) Mar 22, 2024
darkpills
By-passing Protection of PharStreamWrapper Interceptor Moderate
GHSA-4v5g-8pq2-32m2 was published for typo3/phar-stream-wrapper (Composer) Jun 5, 2024
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22095 was published for org.springframework.amqp:spring-amqp (Maven) Dec 1, 2021
SunBK201
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
Drools Core Deserialization of Untrusted Data vulnerability Moderate
CVE-2022-1415 was published for org.drools:drools-core (Maven) Sep 11, 2023
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
Subrion CMS PHP Object Injection Moderate
CVE-2020-12469 was published for intelliants/subrion (Composer) May 24, 2022
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency Moderate
CVE-2024-28859 was published for friendsofsymfony1/swiftmailer (Composer) Mar 18, 2024
darkpills
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code Moderate
CVE-2024-29032 was published for qiskit-ibm-runtime (pip) Mar 20, 2024
richrines1
Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Deserialization of untrusted data in FasterXML jackson-databind Moderate
CVE-2019-12814 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 17, 2019
sunSUNQ
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data Moderate
CVE-2011-2894 was published for org.springframework.security:spring-security-core (Maven) May 14, 2022
sunSUNQ
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2017-1000355 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Whaleal IceFrog is vulnerable to deserialization Moderate
CVE-2023-3308 was published for com.whaleal.icefrog:icefrog-all (Maven) Jun 18, 2023
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
ai-flow Deserialization of Untrusted Data vulnerability Moderate
CVE-2024-0960 was published for ai-flow (pip) Jan 27, 2024
Silverstripe CMS Arbitrary Code Execution Moderate
CVE-2011-4962 was published for silverstripe/cms (Composer) May 17, 2022
PHPEMS Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-6654 was published for phpems/phpems (Composer) Dec 10, 2023
DoS vulnerability in bundled XStream library in Jenkins Core Moderate
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 10, 2022
NotMyFault
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2018-1999042 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Elasticsearch-hadoop Unsafe Deserialization Moderate
CVE-2023-46674 was published for org.elasticsearch:elasticsearch-hadoop (Maven) Dec 5, 2023
Apache NiFi vulnerable to Deserialization of Untrusted Data Moderate
CVE-2023-34212 was published for org.apache.nifi:nifi-jms-bundle (Maven) Jun 12, 2023
Apache Johnzon Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-33008 was published for org.apache.johnzon:johnzon-mapper (Maven) Jul 7, 2023
Denial of Service in Google Guava Moderate
CVE-2018-10237 was published for com.google.guava:guava (Maven) Jun 15, 2020
ProTip! Advisories are also available from the GraphQL API