GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,892
Composer 4,266
Erlang 31
GitHub Actions 21
Go 2,041
Maven 5,224
npm 3,733
NuGet 662
pip 3,414
Pub 12
RubyGems 891
Rust 866
Swift 36

Unreviewed advisories

All unreviewed 238,129

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

398 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10... Critical Unreviewed

CVE-2019-10068 was published May 13, 2022

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via... Critical Unreviewed

CVE-2016-3415 was published May 13, 2022

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com... Critical Unreviewed

CVE-2017-14702 was published May 13, 2022

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it... Critical Unreviewed

CVE-2017-5878 was published May 13, 2022

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed... Critical Unreviewed

CVE-2018-20718 was published May 13, 2022

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call... Critical Unreviewed

CVE-2018-10085 was published May 13, 2022

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in... Critical Unreviewed

CVE-2018-1000641 was published May 13, 2022

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request... Critical Unreviewed

CVE-2018-1000525 was published May 13, 2022

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form... Critical Unreviewed

CVE-2018-1000059 was published May 13, 2022

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote... Critical Unreviewed

CVE-2016-1114 was published May 13, 2022

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10... Critical Unreviewed

CVE-2017-3066 was published May 13, 2022

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed

CVE-2017-11283 was published May 13, 2022

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and... Critical Unreviewed

CVE-2017-11284 was published May 13, 2022

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have... Critical Unreviewed

CVE-2018-4939 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed

CVE-2018-15957 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed

CVE-2018-15958 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed

CVE-2018-15959 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed

CVE-2018-15965 was published May 13, 2022

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to... Critical Unreviewed

CVE-2018-0147 was published May 13, 2022

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5... Critical Unreviewed

CVE-2018-15691 was published May 13, 2022

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote... Critical Unreviewed

CVE-2014-9515 was published May 13, 2022

An exploitable code execution vulnerability exists in the Levin deserialization functionality of... Critical Unreviewed

CVE-2018-3972 was published May 13, 2022

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function... Critical Unreviewed

CVE-2022-29363 was published May 13, 2022

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a... Critical Unreviewed

CVE-2020-23620 was published May 4, 2022

The Java Remote Management Interface of all versions of SVI MS Management System was discovered... Critical Unreviewed

CVE-2020-23621 was published May 4, 2022

Previous 1 2 … 12 13 14 15 16 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

398 advisories