GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
Apache MyFaces Trinidad Deserialization Vulnerability
Critical
CVE-2016-5019
was published
for
org.apache.myfaces.trinidad:trinidad
(Maven)
May 13, 2022
Pippo RCE Vulnerability
Critical
CVE-2018-18240
was published
for
ro.pippo:pippo-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Apache Batik
Critical
CVE-2018-8013
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Apache Flex BlazeDS unsafe deserialization
Critical
CVE-2017-5641
was published
for
org.apache.flex.blazeds:flex-messaging-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2017-1000353
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2018-1000861
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical
CVE-2022-25767
was published
for
com.bstek.ureport:ureport2-console
(Maven)
May 3, 2022
Deserialization of Untrusted Data in Apache Dubbo
Critical
CVE-2021-30179
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Deserializer tampering in Apache Dubbo
Critical
CVE-2021-25641
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Deserialization of Untrusted Data in Jodd
Critical
CVE-2018-21234
was published
for
org.jodd:jodd-json
(Maven)
Feb 10, 2022
Deserialization of Untrusted Data in Apache Dubbo
Critical
CVE-2020-1948
was published
for
org.apache.dubbo:dubbo
(Maven)
Feb 10, 2022
Serialization vulnerability in Apache Tapestry
Critical
CVE-2020-17531
was published
for
org.apache.tapestry:tapestry-project
(Maven)
Feb 9, 2022
Remote code execution in DolphinScheduler
Critical
CVE-2020-11974
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 9, 2022
Deserialization exploitation in Apache Dubbo
Critical
CVE-2020-11995
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Feb 9, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Deserialization of Untrusted Data in Apache Log4j
Critical
CVE-2022-23307
was published
for
log4j:log4j
(Maven)
Jan 19, 2022
Deserialization of Untrusted Data in Dubbo
Critical
CVE-2021-43297
was published
for
org.apache.dubbo:dubbo
(Maven)
Jan 12, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-40865
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Critical
CVE-2021-41616
was published
for
org.apache.ddlutils:ddlutils
(Maven)
Oct 4, 2021
Security check skip in Apache Dubbo
Critical
CVE-2021-37579
was published
for
org.apache.dubbo:dubbo
(Maven)
Sep 10, 2021
Hessian protocol configuration vulnerability in Apache Dubbo
Critical
CVE-2021-36163
was published
for
org.apache.dubbo:dubbo
(Maven)
Sep 8, 2021
ProTip!
Advisories are also available from the
GraphQL API