GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
512 advisories
Filter by severity
Esoteric YamlBeans Unsafe Deserialization vulnerability
High
CVE-2023-24621
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
High
CVE-2023-34040
was published
for
org.springframework.kafka:spring-kafka
(Maven)
Aug 24, 2023
Nacos Spring vulnerable to Unsafe Deserialization
High
CVE-2023-39106
was published
for
com.alibaba.nacos:nacos-spring-context
(Maven)
Aug 21, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
Deserialization vulnerability in Helix workflow and REST
Critical
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param
High
CVE-2023-34434
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 25, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
High
CVE-2023-28754
was published
for
org.apache.shardingsphere:shardingsphere
(Maven)
Jul 19, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Critical
CVE-2023-36825
was published
for
orchid/platform
(Composer)
Jul 11, 2023
Apache Johnzon Deserialization of Untrusted Data vulnerability
Moderate
CVE-2023-33008
was published
for
org.apache.johnzon:johnzon-mapper
(Maven)
Jul 7, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability
High
CVE-2023-31058
was published
for
org.apache.inlong:manager-common
(Maven)
Jul 6, 2023
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
Whaleal IceFrog is vulnerable to deserialization
Moderate
CVE-2023-3308
was published
for
com.whaleal.icefrog:icefrog-all
(Maven)
Jun 18, 2023
Apache NiFi vulnerable to Deserialization of Untrusted Data
Moderate
CVE-2023-34212
was published
for
org.apache.nifi:nifi-jms-processors
(Maven)
Jun 12, 2023
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
Moderate
CVE-2021-32742
was published
for
github.com/vapor/vapor
(Swift)
Jun 9, 2023
xxl-rpc deserialization vulnerability
Critical
CVE-2023-33496
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Jun 7, 2023
glazedlists XML Deserialization vulnerability
Critical
CVE-2023-31890
was published
for
com.glazedlists:glazedlists
(Maven)
May 16, 2023
Apache Linkis DatasourceManager module has deserialization vulnerability
Critical
CVE-2023-29216
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Apr 10, 2023
Apache Linkis JDBC EngineConn has deserialization vulnerability
Critical
CVE-2023-29215
was published
for
org.apache.linkis:linkis-engineconn
(Maven)
Apr 10, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
High
CVE-2023-27296
was published
for
org.apache.inlong:inlong-manager
(Maven)
Mar 27, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High
CVE-2023-26464
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Mar 10, 2023
Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-23638
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 8, 2023
ProTip!
Advisories are also available from the
GraphQL API