GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
140 advisories
Deserializer tampering in Apache Dubbo
Critical: CVE-2021-25641 was published for com.alibaba:dubbo (Maven) on Mar 18, 2022
Deserialization of Untrusted Data in Jodd
Critical: CVE-2018-21234 was published for org.jodd:jodd-json (Maven) on Feb 10, 2022
Deserialization of Untrusted Data in Apache Dubbo
Critical: CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) on Feb 10, 2022
Serialization vulnerability in Apache Tapestry
Critical: CVE-2020-17531 was published for org.apache.tapestry:tapestry-project (Maven) on Feb 9, 2022
Remote code execution in DolphinScheduler
Critical: CVE-2020-11974 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Feb 9, 2022
Deserialization exploitation in Apache Dubbo
Critical: CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) on Feb 9, 2022
Security Advisory for "Log4Shell"
Critical: GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) on Jan 21, 2022
Deserialization of Untrusted Data in Apache Log4j
Critical: CVE-2022-23307 was published for log4j:log4j (Maven) on Jan 19, 2022
Deserialization of Untrusted Data in Dubbo
Critical: CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) on Jan 12, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical: GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) on Jan 6, 2022
Incomplete fix for Apache Log4j vulnerability
Critical: CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) on Dec 14, 2021
Remote code injection in Log4j
Critical: CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) on Dec 10, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm
Critical: CVE-2021-40865 was published for org.apache.storm:storm (Maven) on Oct 27, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Critical: CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) on Oct 4, 2021
Security check skip in Apache Dubbo
Critical: CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) on Sep 10, 2021
Hessian protocol configuration vulnerability in Apache Dubbo
Critical: CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) on Sep 8, 2021
Deserialization of Untrusted Data in Neo4j
Critical: CVE-2021-34371 was published for org.neo4j:neo4j (Maven) on Sep 1, 2021
Deserialization of Untrusted Data in Apache jUDDI
Critical: CVE-2021-37578 was published for org.apache.juddi:juddi-core (Maven) on Aug 9, 2021
Remote Code Execution Vulnerability in Session Storage
Critical: CVE-2021-29485 was published for io.ratpack:ratpack-core (Maven) on Jul 1, 2021
Remote code execution in Apache Tapestry
Critical: CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) on Jun 16, 2021
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Critical: CVE-2017-5929 was published for ch.qos.logback:logback-classic (Maven) on Jun 7, 2021
Remote Code Execution in Apache Synapse
Critical: CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) on Nov 4, 2020
Code execution in Spring Integration
Critical: CVE-2020-5413 was published for org.springframework.integration:spring-integration-core (Maven) on Aug 5, 2020
Improper Input Validation in jackson-databind
Critical: CVE-2019-17267 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Jun 15, 2020
ProTip! Advisories are also available from the GraphQL API.