GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,763
Composer 4,750
Erlang 35
GitHub Actions 29
Go 2,323
Maven 5,608
npm 3,956
NuGet 712
pip 3,739
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,261

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

493 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.... Critical Unreviewed

CVE-2022-4890 was published Jan 16, 2023

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting... Critical Unreviewed

CVE-2021-27460 was published Mar 24, 2022

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation... Critical Unreviewed

CVE-2021-27470 was published Mar 24, 2022

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation... Critical Unreviewed

CVE-2021-27462 was published Mar 24, 2022

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell... Critical Unreviewed

CVE-2021-27466 was published Mar 24, 2022

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this... Critical Unreviewed

CVE-2020-19229 was published Apr 6, 2022

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an... Critical Unreviewed

CVE-2021-33207 was published Apr 6, 2022

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... Critical Unreviewed

CVE-2022-23450 was published Apr 13, 2022

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later... Critical Unreviewed

CVE-2022-26133 was published Apr 21, 2022

pearweb < 1.32 suffers from Deserialization of Untrusted Data. Critical Unreviewed

CVE-2022-27158 was published Apr 16, 2022

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed

CVE-2021-32935 was published May 24, 2022

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility... Critical Unreviewed

CVE-2020-28032 was published May 24, 2022

The affected products are vulnerable of untrusted data due to deserialization without prior... Critical Unreviewed

CVE-2022-1660 was published Jun 3, 2022

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C... Critical Unreviewed

CVE-2022-29875 was published Jun 2, 2022

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize... Critical Unreviewed

CVE-2016-0360 was published May 17, 2022

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi... Critical Unreviewed

CVE-2017-9830 was published May 17, 2022

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because... Critical Unreviewed

CVE-2022-35857 was published Jul 14, 2022

IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code... Critical Unreviewed

CVE-2017-9424 was published May 17, 2022

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux... Critical Unreviewed

CVE-2016-7050 was published May 17, 2022

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary... Critical Unreviewed

CVE-2016-3690 was published May 17, 2022

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. Critical Unreviewed

CVE-2021-41419 was published Jul 19, 2022

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation... Critical Unreviewed

CVE-2022-35223 was published Aug 3, 2022

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML... Critical Unreviewed

CVE-2017-5983 was published May 17, 2022

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a... Critical Unreviewed

CVE-2016-6199 was published May 17, 2022

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON... Critical Unreviewed

CVE-2019-16891 was published May 24, 2022

Previous 1 2 3 4 5 … 19 20 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

493 advisories