Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

689 advisories

Loading
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress... High Unreviewed
CVE-2020-35939 was published May 24, 2022
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all... High Unreviewed
CVE-2020-9301 was published May 24, 2022
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated... High Unreviewed
CVE-2020-35932 was published May 24, 2022
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker... High Unreviewed
CVE-2020-4888 was published May 24, 2022
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x... High Unreviewed
CVE-2020-12525 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2,... High Unreviewed
CVE-2019-4728 was published May 24, 2022
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows... High Unreviewed
CVE-2020-8884 was published May 24, 2022
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote... High Unreviewed
CVE-2020-35488 was published May 24, 2022
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file,... High Unreviewed
CVE-2022-3417 was published Jan 10, 2023
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute... High Unreviewed
CVE-2020-4589 was published May 24, 2022
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an... High Unreviewed
CVE-2022-3679 was published Jan 10, 2023
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve... High Unreviewed
CVE-2020-14172 was published May 24, 2022
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via... High Unreviewed
CVE-2022-4043 was published Jan 10, 2023
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. High Unreviewed
CVE-2022-45077 was published Nov 18, 2022
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote... High Unreviewed
CVE-2020-12133 was published May 24, 2022
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
Remote Code Execution vulnerability in Jenkins Literate Plugin High
CVE-2020-2158 was published for org.jenkins-ci.plugins:literate (Maven) May 24, 2022
NotMyFault
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The... High Unreviewed
CVE-2019-18283 was published May 24, 2022
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin High
CVE-2020-2211 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
NotMyFault
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1... High Unreviewed
CVE-2019-10135 was published May 24, 2022
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and... High Unreviewed
CVE-2022-1118 was published May 18, 2022
Deserialization of Untrusted Data in Apache Hadoop YARN High
CVE-2021-25642 was published for org.apache.hadoop:hadoop-yarn-server (Maven) Aug 26, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action... High Unreviewed
CVE-2019-9061 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database