GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703
was published
for
org.apache.nifi:nifi-framework-cluster-protocol
(Maven)
Oct 25, 2019
XStream can cause a Denial of Service
Moderate
CVE-2021-39140
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Moderate
CVE-2022-37023
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22097
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 24, 2022
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Moderate
CVE-2021-32828
was published
for
org.nuxeo.ecm.platform:nuxeo-platform-oauth
(Maven)
Jan 6, 2023
Code injection in Kubernetes Java Client
Moderate
CVE-2021-25738
was published
for
io.kubernetes:client-java
(Maven)
Oct 12, 2021
Deserialization of Untrusted Data in Beaker
Moderate
CVE-2013-7489
was published
for
Beaker
(pip)
May 5, 2022
Deserialization of Untrusted Data in logback
Moderate
CVE-2021-42550
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 17, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21351
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21347
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21344
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Moderate
CVE-2021-21348
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Moderate
CVE-2021-21343
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21350
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21346
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
YAML deserialization can run untrusted code
Moderate
CVE-2021-39132
was published
for
org.rundeck:rundeck-core
(Maven)
Sep 1, 2021
Deserialization of Untrusted Data in Apache Dubbo
Moderate
CVE-2019-17564
was published
for
org.apache.dubbo:dubbo-rpc-http-invoker
(Maven)
May 24, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21342
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Deserialization of Untrusted Data in ParlAI
Moderate
CVE-2021-24040
was published
for
parlai
(pip)
Sep 13, 2021
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
Moderate
CVE-2021-32742
was published
for
github.com/vapor/vapor
(Swift)
Jun 9, 2023
Deserialization of Untrusted Data in bson
Moderate
CVE-2019-2391
was published
for
bson
(npm)
Feb 10, 2022
Deserialization of Untrusted Data in Flask-Caching
Moderate
CVE-2021-33026
was published
for
Flask-Caching
(pip)
Jun 18, 2021
ProTip!
Advisories are also available from the
GraphQL API