GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
Reverb use after free vulnerability
Moderate
CVE-2024-8375
was published
for
dm-reverb
(pip)
Sep 19, 2024
By-passing Protection of PharStreamWrapper Interceptor
Moderate
GHSA-4v5g-8pq2-32m2
was published
for
typo3/phar-stream-wrapper
(Composer)
Jun 5, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Moderate
CVE-2024-28861
was published
for
friendsofsymfony1/symfony1
(Composer)
Mar 22, 2024
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Moderate
CVE-2024-29032
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Moderate
CVE-2024-28859
was published
for
friendsofsymfony1/swiftmailer
(Composer)
Mar 18, 2024
php-svg-lib lacks path validation on font through SVG inline styles
Moderate
CVE-2024-25117
was published
for
phenx/php-svg-lib
(Composer)
Feb 21, 2024
ai-flow Deserialization of Untrusted Data vulnerability
Moderate
CVE-2024-0960
was published
for
ai-flow
(pip)
Jan 27, 2024
PHPEMS Deserialization of Untrusted Data vulnerability
Moderate
CVE-2023-6654
was published
for
phpems/phpems
(Composer)
Dec 10, 2023
Elasticsearch-hadoop Unsafe Deserialization
Moderate
CVE-2023-46674
was published
for
org.elasticsearch:elasticsearch-hadoop
(Maven)
Dec 5, 2023
Drools Core Deserialization of Untrusted Data vulnerability
Moderate
CVE-2022-1415
was published
for
org.drools:drools-core
(Maven)
Sep 11, 2023
Apache Superset Deserialization of Untrusted Data vulnerability
Moderate
CVE-2023-37941
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Johnzon Deserialization of Untrusted Data vulnerability
Moderate
CVE-2023-33008
was published
for
org.apache.johnzon:johnzon-mapper
(Maven)
Jul 7, 2023
Whaleal IceFrog is vulnerable to deserialization
Moderate
CVE-2023-3308
was published
for
com.whaleal.icefrog:icefrog-all
(Maven)
Jun 18, 2023
Apache NiFi vulnerable to Deserialization of Untrusted Data
Moderate
CVE-2023-34212
was published
for
org.apache.nifi:nifi-jms-processors
(Maven)
Jun 12, 2023
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
Moderate
CVE-2021-32742
was published
for
github.com/vapor/vapor
(Swift)
Jun 9, 2023
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Moderate
CVE-2021-32828
was published
for
org.nuxeo.ecm.platform:nuxeo-platform-oauth
(Maven)
Jan 6, 2023
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Moderate
CVE-2022-37023
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22097
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 24, 2022
qlib Deserialization of Untrusted Data vulnerability
Moderate
CVE-2021-23338
was published
for
pyqlib
(pip)
May 24, 2022
Subrion CMS PHP Object Injection
Moderate
CVE-2020-12469
was published
for
intelliants/subrion
(Composer)
May 24, 2022
Deserialization of Untrusted Data in Apache Dubbo
Moderate
CVE-2019-17564
was published
for
org.apache.dubbo:dubbo-rpc-http-invoker
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API