Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39148 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
wh1t3p1g
Insecure Deserialization in Apache Commons Beanutils High
CVE-2019-10086 was published for commons-beanutils:commons-beanutils (Maven) Jun 15, 2020
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-36964 was published Nov 29, 2022
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web... High Unreviewed
CVE-2019-5069 was published May 24, 2022
Deserialization of Untrusted Data in Spring Batch High
CVE-2020-5411 was published for org.springframework.batch:spring-batch-core (Maven) May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39139 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Deserialization of Untrusted Data in Infinispan High
CVE-2018-1131 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
Deserialization of Untrusted Data in Spring-flex High
CVE-2017-3203 was published for org.springframework.flex:spring-flex (Maven) May 13, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses... High Unreviewed
CVE-2020-25259 was published May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It... High Unreviewed
CVE-2020-25260 was published May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39141 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39153 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ka1n4t
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Apache Geode versions deserialization of untrusted datawhen using JMX over RMI on Java 11 High
CVE-2022-37022 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39145 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Li4n0
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39146 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Deserialization of Untrusted Data in Jenkins High
CVE-2017-2608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data High
CVE-2021-4118 was published for pytorch-lightning (pip) Jan 6, 2022
akihironitta
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360... High Unreviewed
CVE-2021-21956 was published Apr 15, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker... High Unreviewed
CVE-2019-6834 was published Apr 14, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an... High Unreviewed
CVE-2022-20763 was published Apr 7, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater... High Unreviewed
CVE-2022-1032 was published Mar 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database