Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,386 advisories

Loading
Deserialization of Untrusted Data in parlai Moderate
CVE-2021-39207 was published for parlai (pip) Sep 13, 2021
Anon-Artist
Security check skip in Apache Dubbo Critical
CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Hessian protocol configuration vulnerability in Apache Dubbo Critical
CVE-2021-36163 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Deserialization of Untrusted Data in codeception/codeception Critical
CVE-2021-23420 was published for codeception/codeception (Composer) Sep 1, 2021
Deserialization of Untrusted Data in Neo4j Critical
CVE-2021-34371 was published for org.neo4j:neo4j (Maven) Sep 1, 2021
YAML deserialization can run untrusted code Moderate
CVE-2021-39132 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39139 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39141 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39145 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Li4n0
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39146 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39147 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39148 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39153 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ka1n4t
Arbitrary code execution due to YAML deserialization Critical
CVE-2021-37678 was published for tensorflow (pip) Aug 25, 2021
Deserialization of Untrusted Data in Apache jUDDI Critical
CVE-2021-37578 was published for org.apache.juddi:juddi-core (Maven) Aug 9, 2021
Deserialization of Untrusted Data in msgpack Critical
CVE-2021-23410 was published for msgpack (npm) Jul 26, 2021 withdrawn
Remote Code Execution Vulnerability in Session Storage Critical
CVE-2021-29485 was published for io.ratpack:ratpack-core (Maven) Jul 1, 2021
JLLeitschuh
Deserialization of Untrusted Data in NukeViet Critical
CVE-2019-7725 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database