Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

689 advisories

Loading
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to... High Unreviewed
CVE-2019-9057 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-35872 was published Jul 26, 2022
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote... High Unreviewed
CVE-2016-7065 was published May 17, 2022
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an... High Unreviewed
CVE-2022-2903 was published Sep 27, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-35870 was published Jul 26, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... High Unreviewed
CVE-2022-33315 was published Jul 21, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... High Unreviewed
CVE-2022-33316 was published Jul 21, 2022
This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability... High Unreviewed
CVE-2022-1984 was published Jul 20, 2022
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety... High Unreviewed
CVE-2022-27580 was published Jul 20, 2022
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi... High Unreviewed
CVE-2022-27579 was published Jul 20, 2022
An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local... High Unreviewed
CVE-2021-36665 was published Jul 13, 2022
An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an... High Unreviewed
CVE-2022-30981 was published Jul 18, 2022
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior... High Unreviewed
CVE-2022-33320 was published Jul 21, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data High
CVE-2022-39297 was published for melisplatform/melis-cms (Composer) Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data High
CVE-2022-39298 was published for melisplatform/melis-front (Composer) Oct 11, 2022
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code... High Unreviewed
CVE-2017-8829 was published May 17, 2022
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an... High Unreviewed
CVE-2022-2886 was published Aug 20, 2022
User account escalation in Apache Hadoop High
CVE-2021-33036 was published for org.apache.hadoop:hadoop-yarn-server-common (Maven) Jun 16, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx High
CVE-2022-25863 was published for gatsby-plugin-mdx (npm) Jun 3, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses... High Unreviewed
CVE-2020-25258 was published May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the... High Unreviewed
CVE-2020-4280 was published May 24, 2022
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of... High Unreviewed
CVE-2020-10189 was published May 24, 2022
Deserialization of Untrusted Data in Hazelcast High
CVE-2016-10750 was published for com.hazelcast:hazelcast (Maven) May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39147 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database