GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
640 advisories
Filter by severity
Unsafe Deserialization in jackson-databind
High
CVE-2020-36189
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36187
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36188
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36183
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36184
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36180
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36181
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36185
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36179
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36182
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-24750
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadget exploit in jackson-databind
High
CVE-2020-35728
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35490
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Code Injection in jackson-databind
High
CVE-2020-24616
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows...
High
Unreviewed
CVE-2021-42130
was published
Dec 8, 2021
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object...
High
Unreviewed
CVE-2021-43360
was published
Dec 2, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-36186
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Nov 19, 2021
Nameko Arbitrary code execution due to YAML deserialization
High
CVE-2021-41078
was published
for
nameko
(pip)
Oct 19, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Deserialization of Untrusted Data in com.jsoniter:jsoniter
High
CVE-2021-23441
was published
for
com.jsoniter:jsoniter
(Maven)
Sep 20, 2021
•
withdrawn
Deserialization of Untrusted Data in parlai
High
CVE-2021-39207
was published
for
parlai
(pip)
Sep 13, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39139
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API