GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,349 advisories
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
Severity: Critical (Unreviewed). CVE-2018-18446 was published Oct 13, 2022.

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary...
Severity: Critical (Unreviewed). CVE-2016-3690 was published May 17, 2022.

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to...
Severity: Critical (Unreviewed). CVE-2017-9363 was published May 17, 2022.

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
Severity: Critical (Unreviewed). CVE-2021-41419 was published Jul 19, 2022.

melisplatform/melis-front vulnerable to deserialization of untrusted data
Severity: High. CVE-2022-39298 was published for melisplatform/melis-front (Composer) Oct 11, 2022.

melisplatform/melis-cms vulnerable to deserialization of untrusted data
Severity: High. CVE-2022-39297 was published for melisplatform/melis-cms (Composer) Oct 11, 2022.

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
Severity: High (Unreviewed). CVE-2022-33320 was published Jul 21, 2022.

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an...
Severity: High (Unreviewed). CVE-2022-30981 was published Jul 18, 2022.

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local...
Severity: High (Unreviewed). CVE-2021-36665 was published Jul 13, 2022.

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety...
Severity: High (Unreviewed). CVE-2022-27580 was published Jul 20, 2022.

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation...
Severity: Critical (Unreviewed). CVE-2022-35223 was published Aug 3, 2022.

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi...
Severity: High (Unreviewed). CVE-2022-27579 was published Jul 20, 2022.

This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability...
Severity: High (Unreviewed). CVE-2022-1984 was published Jul 20, 2022.

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML...
Severity: Critical (Unreviewed). CVE-2017-5983 was published May 17, 2022.

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a...
Severity: Critical (Unreviewed). CVE-2016-6199 was published May 17, 2022.

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
Severity: High (Unreviewed). CVE-2022-33315 was published Jul 21, 2022.

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
Severity: High (Unreviewed). CVE-2022-33316 was published Jul 21, 2022.

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON...
Severity: Critical (Unreviewed). CVE-2019-16891 was published May 24, 2022.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Severity: High (Unreviewed). CVE-2022-35870 was published Jul 26, 2022.

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior...
Severity: Critical (Unreviewed). CVE-2022-33318 was published Jul 21, 2022.

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an...
Severity: High (Unreviewed). CVE-2022-2903 was published Sep 27, 2022.

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote...
Severity: High (Unreviewed). CVE-2016-7065 was published May 17, 2022.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Severity: High (Unreviewed). CVE-2022-35872 was published Jul 26, 2022.

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured...
Severity: Critical (Unreviewed). CVE-2016-6330 was published May 17, 2022.

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to...
Severity: High (Unreviewed). CVE-2019-9057 was published May 13, 2022.