Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,218 advisories

autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
Deserialization of Untrusted Data in Apache Olingo Critical
CVE-2019-17556 was published for org.apache.olingo:odata-client-proxy (Maven) Feb 4, 2020
High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
Critical severity vulnerability that affects org.apache.solr:solr-core Critical
CVE-2019-0192 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
Deserialization of Untrusted Data in swagger-codegen High
CVE-2017-1000207 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Deserialization of Untrusted Data in swagger-parser High
CVE-2017-1000208 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
Remote Code Execution in AjaxNetProfessional Critical
GHSA-6r7c-6w96-8pvw was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 mwulftange
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data High
GHSA-3w6p-8f82-gw8r was published for ru.yandex.clickhouse:clickhouse-jdbc-bridge (Maven) Dec 17, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
CoAPthon3 vulnerable to Deserialization of Untrusted Data High
CVE-2018-12679 was published for CoAPthon3 (pip) Apr 8, 2019
Arbitrary Code Execution in Cookie Serialization High
CVE-2017-1000053 was published for plug (Erlang) Apr 12, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied... High Unreviewed
CVE-2022-41778 was published Jan 13, 2023
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.... Critical Unreviewed
CVE-2022-4890 was published Jan 16, 2023
The Anti-Malware Security and Brute-Force Firewall WordPress plugin through 4.21.85 is prone to a... High Unreviewed
CVE-2022-4327 was published Jan 16, 2023
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object... High Unreviewed
CVE-2023-22850 was published Jan 14, 2023
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users... High Unreviewed
CVE-2022-23940 was published Mar 11, 2022
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x... High Unreviewed
CVE-2022-26503 was published Mar 18, 2022
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation... Critical Unreviewed
CVE-2021-27470 was published Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API