GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
33 advisories
Denial of service via deserialization attack in nifi
Moderate | CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) | Oct 25, 2019

XStream can cause a Denial of Service
Moderate | CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) | Aug 25, 2021

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Moderate | CVE-2022-37023 was published for org.apache.geode:geode-core (Maven) | Sep 1, 2022

Deserialization of Untrusted Data in Spring AMQP
Moderate | CVE-2021-22097 was published for org.springframework.amqp:spring-amqp (Maven) | May 24, 2022

Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Moderate | CVE-2021-32828 was published for org.nuxeo.ecm.platform:nuxeo-platform-oauth (Maven) | Jan 6, 2023

Code injection in Kubernetes Java Client
Moderate | CVE-2021-25738 was published for io.kubernetes:client-java (Maven) | Oct 12, 2021

Deserialization of Untrusted Data in logback
Moderate | CVE-2021-42550 was published for ch.qos.logback:logback-core (Maven) | Dec 17, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
Moderate | CVE-2021-21347 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
Moderate | CVE-2021-21351 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
Moderate | CVE-2021-21344 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Moderate | CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate | CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
Moderate | CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
Moderate | CVE-2021-21350 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Moderate | CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

YAML deserialization can run untrusted code
Moderate | CVE-2021-39132 was published for org.rundeck:rundeck-core (Maven) | Sep 1, 2021

Deserialization of Untrusted Data in Apache Dubbo
Moderate | CVE-2019-17564 was published for org.apache.dubbo:dubbo-rpc-http-invoker (Maven) | May 24, 2022

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate | CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

fabric8 kubernetes-client vulnerable
Moderate | CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) | Jul 15, 2022

Denial of Service in Google Guava
Moderate | CVE-2018-10237 was published for com.google.guava:guava (Maven) | Jun 15, 2020

Apache Johnzon Deserialization of Untrusted Data vulnerability
Moderate | CVE-2023-33008 was published for org.apache.johnzon:johnzon-mapper (Maven) | Jul 7, 2023

Elasticsearch-hadoop Unsafe Deserialization
Moderate | CVE-2023-46674 was published for org.elasticsearch:elasticsearch-hadoop (Maven) | Dec 5, 2023

Deserialization of Untrusted Data in Jenkins
Moderate | CVE-2018-1999042 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022

DoS vulnerability in bundled XStream library in Jenkins Core
Moderate | CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) | Feb 10, 2022

Whaleal IceFrog is vulnerable to deserialization
Moderate | CVE-2023-3308 was published for com.whaleal.icefrog:icefrog-all (Maven) | Jun 18, 2023