GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
640 advisories
Filter by severity
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39148
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Insecure Deserialization in Apache Commons Beanutils
High
CVE-2019-10086
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 15, 2020
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability...
High
Unreviewed
CVE-2022-36964
was published
Nov 29, 2022
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web...
High
Unreviewed
CVE-2019-5069
was published
May 24, 2022
Deserialization of Untrusted Data in Spring Batch
High
CVE-2020-5411
was published
for
org.springframework.batch:spring-batch-core
(Maven)
May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39139
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Infinispan
High
CVE-2018-1131
was published
for
org.infinispan:infinispan-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring-flex
High
CVE-2017-3203
was published
for
org.springframework.flex:spring-flex
(Maven)
May 13, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25259
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High
Unreviewed
CVE-2020-25260
was published
May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39141
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39153
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Apache Geode versions deserialization of untrusted datawhen using JMX over RMI on Java 11
High
CVE-2022-37022
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39145
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39146
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Deserialization of Untrusted Data in Jenkins
High
CVE-2017-2608
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
High
CVE-2021-4118
was published
for
pytorch-lightning
(pip)
Jan 6, 2022
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360...
High
Unreviewed
CVE-2021-21956
was published
Apr 15, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker...
High
Unreviewed
CVE-2019-6834
was published
Apr 14, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an...
High
Unreviewed
CVE-2022-20763
was published
Apr 7, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater...
High
Unreviewed
CVE-2022-1032
was published
Mar 30, 2022
ProTip!
Advisories are also available from the
GraphQL API