GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,532
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,984
Maven 5,159
npm 3,701
NuGet 657
pip 3,325
Pub 11
RubyGems 882
Rust 835
Swift 35

Unreviewed advisories

All unreviewed 233,081

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

367 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.... Critical Unreviewed

CVE-2022-4890 was published Jan 16, 2023

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation... Critical Unreviewed

CVE-2021-27470 was published Mar 24, 2022

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting... Critical Unreviewed

CVE-2021-27460 was published Mar 24, 2022

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation... Critical Unreviewed

CVE-2021-27462 was published Mar 24, 2022

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell... Critical Unreviewed

CVE-2021-27466 was published Mar 24, 2022

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this... Critical Unreviewed

CVE-2020-19229 was published Apr 6, 2022

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an... Critical Unreviewed

CVE-2021-33207 was published Apr 6, 2022

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... Critical Unreviewed

CVE-2022-23450 was published Apr 13, 2022

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later... Critical Unreviewed

CVE-2022-26133 was published Apr 21, 2022

pearweb < 1.32 suffers from Deserialization of Untrusted Data. Critical Unreviewed

CVE-2022-27158 was published Apr 16, 2022

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes... Critical Unreviewed

CVE-2021-32935 was published May 24, 2022

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility... Critical Unreviewed

CVE-2020-28032 was published May 24, 2022

The affected products are vulnerable of untrusted data due to deserialization without prior... Critical Unreviewed

CVE-2022-1660 was published Jun 3, 2022

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C... Critical Unreviewed

CVE-2022-29875 was published Jun 2, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed

CVE-2022-44559 was published Nov 10, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful... Critical Unreviewed

CVE-2022-44558 was published Nov 10, 2022

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization... Critical Unreviewed

CVE-2017-4914 was published May 17, 2022

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize... Critical Unreviewed

CVE-2016-0360 was published May 17, 2022

dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). Critical Unreviewed

CVE-2018-18447 was published Oct 13, 2022

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi... Critical Unreviewed

CVE-2017-9830 was published May 17, 2022

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because... Critical Unreviewed

CVE-2022-35857 was published Jul 14, 2022

IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code... Critical Unreviewed

CVE-2017-9424 was published May 17, 2022

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux... Critical Unreviewed

CVE-2016-7050 was published May 17, 2022

dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). Critical Unreviewed

CVE-2018-18446 was published Oct 13, 2022

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary... Critical Unreviewed

CVE-2016-3690 was published May 17, 2022

Previous 1 2 3 4 5 … 14 15 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

367 advisories