Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,343
Maven
5,000+
npm
3,973
NuGet
719
pip
3,770
Pub
12
RubyGems
923
Rust
978
Swift
38
Unreviewed advisories
All unreviewed
5,000+

162 advisories

Loading
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39153 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ka1n4t
Deserialization of Untrusted Data in Apache Camel RabbitMQ High
CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) May 21, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
decsecre583
"Deserialization errors in MyBatis" High
CVE-2020-26945 was published for org.mybatis:mybatis (Maven) Apr 22, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Potential remote code execution in Apache Tomcat High
CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 19, 2021
Deserialization of untrusted data in jackson-databind High
CVE-2021-20190 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 20, 2021
sharonbz sunSUNQ
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14061 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14062 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
mpihelgas
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14060 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14195 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
Insecure Deserialization in Apache Commons Collection High
CVE-2015-6420 was published for commons-collections:commons-collections (Maven) Jun 15, 2020
msymons jensdietrich
Insecure Deserialization in Apache Commons Beanutils High
CVE-2019-10086 was published for commons-beanutils:commons-beanutils (Maven) Jun 15, 2020
Deserialization of Untrusted Data High
CVE-2018-12023 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11112 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 10, 2020
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat:tomcat-catalina (Maven) May 21, 2020
sunSUNQ
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14893 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10673 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11113 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database