Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument Moderate
CVE-2025-2622 was published for com.aizuda:snail-job (Maven) Mar 22, 2025
Apache NiFi vulnerable to Deserialization of Untrusted Data Moderate
CVE-2023-34212 was published for org.apache.nifi:nifi-jms-processors (Maven) Jun 12, 2023
exceptionfactory
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22095 was published for org.springframework.amqp:spring-amqp (Maven) Dec 1, 2021
SunBK201
Drools Core Deserialization of Untrusted Data vulnerability Moderate
CVE-2022-1415 was published for org.drools:drools-core (Maven) Sep 11, 2023
Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Deserialization of untrusted data in FasterXML jackson-databind Moderate
CVE-2019-12814 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 17, 2019
sunSUNQ
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data Moderate
CVE-2011-2894 was published for org.springframework.security:spring-security-core (Maven) May 14, 2022
sunSUNQ
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2017-1000355 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Whaleal IceFrog is vulnerable to deserialization Moderate
CVE-2023-3308 was published for com.whaleal.icefrog:icefrog-all (Maven) Jun 18, 2023
DoS vulnerability in bundled XStream library in Jenkins Core Moderate
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 10, 2022
NotMyFault
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2018-1999042 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Elasticsearch-hadoop Unsafe Deserialization Moderate
CVE-2023-46674 was published for org.elasticsearch:elasticsearch-hadoop (Maven) Dec 5, 2023
Apache Johnzon Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-33008 was published for org.apache.johnzon:johnzon-mapper (Maven) Jul 7, 2023
Denial of Service in Google Guava Moderate
CVE-2018-10237 was published for com.google.guava:guava (Maven) Jun 15, 2020
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
sbenhai tdunlap607
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Deserialization of Untrusted Data in Apache Dubbo Moderate
CVE-2019-17564 was published for org.apache.dubbo:dubbo-rpc-http-invoker (Maven) May 24, 2022
YAML deserialization can run untrusted code Moderate
CVE-2021-39132 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21350 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) Moderate
CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database