GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
315 advisories
Filter by severity
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
pac4j-core affected by a Java deserialization vulnerability
Critical
CVE-2023-25581
was published
for
org.pac4j:pac4j-core
(Maven)
Oct 11, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro
(Maven)
Oct 3, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
Redisson vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-42809
was published
for
org.redisson:redisson
(Maven)
Aug 5, 2024
XXL-RPC Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-45146
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Aug 5, 2024
H2O vulnerable to Deserialization of Untrusted Data
High
CVE-2024-6960
was published
for
ai.h2o:h2o-core
(Maven)
Jul 21, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
High
CVE-2023-49566
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability
High
CVE-2023-46801
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
nGrinder vulnerable to unsafe Java objects deserialization
Critical
CVE-2024-28213
was published
for
org.ngrinder:ngrinder-core
(Maven)
Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Critical
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
High
CVE-2024-22871
was published
for
org.clojure:clojure
(Maven)
Feb 29, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Remote Command Execution in SOFARPC
Critical
CVE-2024-23636
was published
for
com.alipay.sofa:rpc-sofa-boot-starter
(Maven)
Jan 23, 2024
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Critical
CVE-2017-20189
was published
for
org.clojure:clojure
(Maven)
Jan 22, 2024
Apache InLong Manager Arbitrary File Read Vulnerability
High
CVE-2023-51785
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Apache IoTDB: Unsafe deserialize map in Sync Tool
High
CVE-2023-51656
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Dec 21, 2023
Bypass serialize checks in Apache Dubbo
High
CVE-2023-29234
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Critical
CVE-2023-46279
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
Elasticsearch-hadoop Unsafe Deserialization
Moderate
CVE-2023-46674
was published
for
org.elasticsearch:elasticsearch-hadoop
(Maven)
Dec 5, 2023
ProTip!
Advisories are also available from the
GraphQL API