Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
Jenkins CLI Deserialization of Untrusted Data vulnerability Critical
CVE-2015-8103 was published for org.jenkins-ci.main:cli (Maven) May 13, 2022
sunSUNQ
Deserialization of Untrusted Data in Apache commons collections Critical
CVE-2015-7501 was published for commons-collections:commons-collections (Maven) May 13, 2022
wtwhite
Deserialization of Untrusted Data in Jython Critical
CVE-2016-4000 was published for org.python:jython (Maven) May 13, 2022
Deserialization of Untrusted Data in Groovy Critical
CVE-2016-6814 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SunBK201 SebGondron
Apache MyFaces Trinidad Deserialization Vulnerability Critical
CVE-2016-5019 was published for org.apache.myfaces.trinidad:trinidad (Maven) May 13, 2022
Pippo RCE Vulnerability Critical
CVE-2018-18240 was published for ro.pippo:pippo-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Apache Batik Critical
CVE-2018-8013 was published for org.apache.xmlgraphics:batik (Maven) May 13, 2022
MarkLee131
Apache Flex BlazeDS unsafe deserialization Critical
CVE-2017-5641 was published for org.apache.flex.blazeds:flex-messaging-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Jenkins Critical
CVE-2017-1000353 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Jenkins Critical
CVE-2018-1000861 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console Critical
CVE-2022-25767 was published for com.bstek.ureport:ureport2-console (Maven) May 3, 2022
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2021-30179 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Deserializer tampering in Apache Dubbo Critical
CVE-2021-25641 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Deserialization of Untrusted Data in Jodd Critical
CVE-2018-21234 was published for org.jodd:jodd-json (Maven) Feb 10, 2022
Deserialization of Untrusted Data in Apache Dubbo Critical
CVE-2020-1948 was published for org.apache.dubbo:dubbo (Maven) Feb 10, 2022
Serialization vulnerability in Apache Tapestry Critical
CVE-2020-17531 was published for org.apache.tapestry:tapestry-project (Maven) Feb 9, 2022
Remote code execution in DolphinScheduler Critical
CVE-2020-11974 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 9, 2022
Deserialization exploitation in Apache Dubbo Critical
CVE-2020-11995 was published for org.apache.dubbo:dubbo-parent (Maven) Feb 9, 2022
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Deserialization of Untrusted Data in Apache Log4j Critical
CVE-2022-23307 was published for log4j:log4j (Maven) Jan 19, 2022
zbazztian SebGondron
Deserialization of Untrusted Data in Dubbo Critical
CVE-2021-43297 was published for org.apache.dubbo:dubbo (Maven) Jan 12, 2022
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database