GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
262 advisories
Deserialization of Untrusted Data in Log4j 1.x
High
CVE-2022-23302
was published
for
log4j:log4j
(Maven)
Jan 21, 2022
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
High
CVE-2023-25194
was published
for
org.apache.kafka:connect
(Maven)
Feb 7, 2023
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator
High
CVE-2025-24357
was published
for
vllm
(pip)
Jan 27, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data
High
CVE-2025-47771
was published
for
com.powsybl:powsybl-math
(Maven)
Jun 19, 2025
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Unsafe deserialization in SmtpTransport in CakePHP
High
CVE-2019-11458
was published
for
cakephp/cakephp
(Composer)
Dec 2, 2019
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
High
CVE-2025-30165
was published
for
vllm
(pip)
May 6, 2025
jooby-pac4j: deserialization of untrusted data
High
CVE-2025-31129
was published
for
io.jooby:jooby-pac4j
(Maven)
Apr 1, 2025
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
High
CVE-2025-30160
was published
for
redlib
(Rust)
Mar 21, 2025
Deserialization of Untrusted Data in Hugging Face Transformers
High
CVE-2024-11393
was published
for
transformers
(pip)
Nov 23, 2024
Deserialization of Untrusted Data in Hugging Face Transformers
High
CVE-2024-11392
was published
for
transformers
(pip)
Nov 23, 2024
ProTip!
Advisories are also available from the
GraphQL API