GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
High
CVE-2023-25194
was published
for
org.apache.kafka:connect
(Maven)
Feb 7, 2023
Apache Linkis contains Deserialization of Untrusted Data
High
CVE-2022-44645
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Apache Linkis subject to Remote Code Execution via deserialization
High
CVE-2022-39944
was published
for
org.apache.linkis:linkis
(Maven)
Oct 26, 2022
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
RCE vulnerability in Jenkins DotCi Plugin
High
CVE-2022-41237
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Apache InLong vulnerable to Deserialization of Untrusted Data
High
CVE-2022-40955
was published
for
org.apache.inlong:inlong-common
(Maven)
Sep 21, 2022
Apache Geode versions deserialization of untrusted datawhen using JMX over RMI on Java 11
High
CVE-2022-37022
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
Deserialization of Untrusted Data in Apache Hadoop YARN
High
CVE-2021-25642
was published
for
org.apache.hadoop:hadoop-yarn-server
(Maven)
Aug 26, 2022
jackson-databind before 2.9.10.4 vulnerable to unsafe deserialization
High
CVE-2020-10650
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 15, 2022
User account escalation in Apache Hadoop
High
CVE-2021-33036
was published
for
org.apache.hadoop:hadoop-yarn-server-common
(Maven)
Jun 16, 2022
Unsafe deserialization in com.alibaba:fastjson
High
CVE-2022-25845
was published
for
com.alibaba:fastjson
(Maven)
Jun 11, 2022
RCE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2021-21677
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
Improper handling of REST API XML deserialization errors in Jenkins
High
CVE-2021-21604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
High
CVE-2020-10721
was published
for
io.fabric8:fabric8-maven-plugin
(Maven)
May 24, 2022
Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data
High
CVE-2020-15777
was published
for
com.gradle:gradle-enterprise-maven-extension
(Maven)
May 24, 2022
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
High
CVE-2020-2211
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Wildfly Unsafe Deserialization Vulnerability
High
CVE-2020-10740
was published
for
org.wildfly:wildfly-parent
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Spring Batch
High
CVE-2020-5411
was published
for
org.springframework.batch:spring-batch-core
(Maven)
May 24, 2022
OpenNMS Horizon RCE via Unsafe Deserialization
High
CVE-2020-12760
was published
for
org.opennms.core:org.opennms.core.daemon
(Maven)
May 24, 2022
RCE vulnerability in SCM Filter Jervis Plugin
High
CVE-2020-2189
was published
for
io.jenkins.plugins:scm-filter-jervis
(Maven)
May 24, 2022
RCE vulnerability in Jenkins AWS SAM Plugin
High
CVE-2020-2180
was published
for
io.jenkins.plugins:aws-sam
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API