GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
127 advisories
Filter by severity
Deserialization of Untrusted Data in Apache Olingo
Critical
CVE-2019-17556
was published
for
org.apache.olingo:odata-client-proxy
(Maven)
Feb 4, 2020
Critical severity vulnerability that affects org.apache.solr:solr-core
Critical
CVE-2019-0192
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Deserialization of Untrusted Data in Jython
Critical
CVE-2016-4000
was published
for
org.python:jython
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2017-1000353
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in JYaml
Critical
CVE-2020-8441
was published
for
org.jyaml:jyaml
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Spring AMQP
Critical
CVE-2017-8045
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 17, 2022
Apache Camel Netty enables Java deserialization by default
Critical
CVE-2020-11973
was published
for
org.apache.camel:camel-netty
(Maven)
May 21, 2020
Deserialization of Untrusted Data and Code Injection in xstream
Critical
CVE-2019-10173
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jul 26, 2019
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-5929
was published
for
ch.qos.logback:logback-classic
(Maven)
Jun 7, 2021
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
Apache Geode unsafe deserialization in TcpServer
Critical
CVE-2017-15692
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
MySQL JDBC deserialization vulnerability
Critical
CVE-2022-39312
was published
for
io.dataease:dataease-plugin-common
(Maven)
Oct 18, 2022
Serialization vulnerability in Apache Tapestry
Critical
CVE-2020-17531
was published
for
org.apache.tapestry:tapestry-project
(Maven)
Feb 9, 2022
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
Critical
CVE-2022-36944
was published
for
org.scala-lang:scala-library
(Maven)
Sep 25, 2022
Apache Tapestry allows deserialization of untrusted data
Critical
CVE-2022-46366
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Dec 2, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical
CVE-2022-25767
was published
for
com.bstek.ureport:ureport2-console
(Maven)
May 3, 2022
Deserialization of Untrusted Data in Apache Storm
Critical
CVE-2018-11779
was published
for
org.apache.storm:storm-kafka
(Maven)
Aug 1, 2019
Deserialization of Untrusted Data in EthereumJ
Critical
CVE-2018-15890
was published
for
org.ethereum:ethereumj-core
(Maven)
Jul 26, 2019
Deserialization of Untrusted Data in Log4j
Critical
CVE-2017-5645
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jan 6, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
Critical
CVE-2020-9546
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
Code execution in Spring Integration
Critical
CVE-2020-5413
was published
for
org.springframework.integration:spring-integration-core
(Maven)
Aug 5, 2020
ProTip!
Advisories are also available from the
GraphQL API