Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
decsecre583
Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability High
CVE-2020-15842 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Apache InLong: JDBC Vulnerability during verification processing High
CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
jackson-databind vulnerable to unsafe deserialization High
CVE-2020-10650 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 15, 2022
jooby-pac4j: deserialization of untrusted data High
CVE-2025-31129 was published for io.jooby:jooby-pac4j (Maven) Apr 1, 2025
cwm1123
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability High
CVE-2023-49566 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Jenkins allows Deserialization of Untrusted Data via an XML File High
CVE-2016-0792 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability High
CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) Nov 8, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param High
CVE-2023-34434 was published for org.apache.inlong:manager-pojo (Maven) Jul 25, 2023
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore High
CVE-2022-41137 was published for org.apache.hive:hive-exec (Maven) Dec 5, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
logback serialization vulnerability High
CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) Nov 29, 2023
jakehall-gocity bvahdat
mpenttila liaodaniel peppers-joseph
Apache Spark Deserialization of Untrusted Data vulnerability High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
H2O vulnerable to Deserialization of Untrusted Data High
CVE-2024-6960 was published for ai.h2o:h2o-core (Maven) Jul 21, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability High
CVE-2023-6267 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Jan 25, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured High
CVE-2023-34040 was published for org.springframework.kafka:spring-kafka (Maven) Aug 24, 2023
moon2263
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) Mar 10, 2023
jw123023
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database