Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
Deserialization of Untrusted Data in Spring Batch High
CVE-2020-5411 was published for org.springframework.batch:spring-batch-core (Maven) May 24, 2022
OpenNMS Horizon RCE via Unsafe Deserialization High
CVE-2020-12760 was published for org.opennms.core:org.opennms.core.daemon (Maven) May 24, 2022
RCE vulnerability in SCM Filter Jervis Plugin High
CVE-2020-2189 was published for io.jenkins.plugins:scm-filter-jervis (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins AWS SAM Plugin High
CVE-2020-2180 was published for io.jenkins.plugins:aws-sam (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Yaml Axis Plugin High
CVE-2020-2179 was published for org.jenkins-ci.plugins:yaml-axis (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins OpenShift Pipeline Plugin High
CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022
NotMyFault
Remote Code Execution vulnerability in Jenkins Literate Plugin High
CVE-2020-2158 was published for org.jenkins-ci.plugins:literate (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
TYPO3 Insecure Deserialization in Query Generator & Query View High
CVE-2019-19849 was published for typo3/cms (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8141 was published for magento/community-edition (Composer) May 24, 2022
Pimcore RCE via PHAR upload High
CVE-2019-16317 was published for pimcore/pimcore (Composer) May 24, 2022
Shopware Insecure Deserialization Vulnerability High
CVE-2019-12799 was published for shopware/shopware (Composer) May 24, 2022
Deserialization of Untrusted Data in Hazelcast High
CVE-2016-10750 was published for com.hazelcast:hazelcast (Maven) May 24, 2022
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
Deserialization of Untrusted Data in Apache Tomcat High
CVE-2013-2185 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Restlet Arbitrary Java Code Execution via a serialized object High
CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
Deserialization of Untrusted Data in Apache Brooklyn High
CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
Apache James Privilege Escalation High
CVE-2017-12628 was published for org.apache.james:james-project (Maven) May 17, 2022
Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin High
CVE-2018-1000058 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) May 14, 2022
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Deserialization of Untrusted Data in Apache OpenJPA High
CVE-2013-1768 was published for org.apache.openjpa:openjpa (Maven) May 14, 2022
MarkLee131
OISF suricata-update unsafely deserializes YAML data High
CVE-2018-1000167 was published for suricata-update (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database