Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

407 advisories

Loading
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object... High Unreviewed
CVE-2021-43360 was published Dec 2, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows... High Unreviewed
CVE-2021-42130 was published Dec 8, 2021
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization... High Unreviewed
CVE-2021-0970 was published Dec 16, 2021
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization... High Unreviewed
CVE-2021-0928 was published Dec 16, 2021
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A... High Unreviewed
CVE-2021-20318 was published Dec 24, 2021
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading... High Unreviewed
CVE-2021-42631 was published Feb 1, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-22005 was published Feb 10, 2022
In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization... High Unreviewed
CVE-2021-39676 was published Feb 12, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... High Unreviewed
CVE-2022-0138 was published Feb 19, 2022
A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to... High Unreviewed
CVE-2022-24282 was published Mar 9, 2022
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users... High Unreviewed
CVE-2022-23940 was published Mar 11, 2022
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x... High Unreviewed
CVE-2022-26503 was published Mar 18, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects... High Unreviewed
CVE-2021-27475 was published Mar 24, 2022
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater... High Unreviewed
CVE-2022-1032 was published Mar 30, 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an... High Unreviewed
CVE-2022-20763 was published Apr 7, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code... High Unreviewed
CVE-2022-22957 was published Apr 14, 2022
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker... High Unreviewed
CVE-2019-6834 was published Apr 14, 2022
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360... High Unreviewed
CVE-2021-21956 was published Apr 15, 2022
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to... High Unreviewed
CVE-2003-0791 was published Apr 29, 2022
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code... High Unreviewed
CVE-2022-29936 was published Apr 30, 2022
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the ... High Unreviewed
CVE-2022-1463 was published May 11, 2022
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A... High Unreviewed
CVE-2016-9045 was published May 13, 2022
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state... High Unreviewed
CVE-2018-15686 was published May 13, 2022
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent... High Unreviewed
CVE-2016-4483 was published May 13, 2022
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows... High Unreviewed
CVE-2018-16364 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database