GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal.kernel
(Maven)
May 24, 2022
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
nGrinder vulnerable to unsafe Java objects deserialization
Critical
CVE-2024-28213
was published
for
org.ngrinder:ngrinder-core
(Maven)
Mar 7, 2024
Redisson vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-42809
was published
for
org.redisson:redisson
(Maven)
Aug 5, 2024
XXL-RPC Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-45146
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Aug 5, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Critical
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Remote code execution in DolphinScheduler
Critical
CVE-2020-11974
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 9, 2022
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Critical
CVE-2018-1295
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Critical
CVE-2016-6809
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Incomplete List of Disallowed Inputs in SOFA-Hessian
Critical
CVE-2019-9212
was published
for
com.alipay.sofa:hessian
(Maven)
Mar 6, 2019
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Critical
CVE-2017-15095
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Critical
CVE-2018-19362
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
FasterXML jackson-databind allows unauthenticated remote code execution
Critical
CVE-2018-7489
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-14540
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Polymorphic Typing in FasterXML jackson-databind
Critical
CVE-2019-16942
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 28, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2019-20330
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 4, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9548
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
Code execution via deserialization in org.apache.ignite:ignite-core
Critical
CVE-2018-8018
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in Apache Batik
Critical
CVE-2018-8013
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Pippo
Critical
CVE-2018-18628
was published
for
ro.pippo:pippo-core
(Maven)
Oct 24, 2018
ProTip!
Advisories are also available from the
GraphQL API