Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,510 advisories

Loading
Deserialization of Untrusted Data in Tendenci Critical
CVE-2020-14942 was published for tendenci (pip) Jun 18, 2021
Remote code execution in Apache Tapestry Critical
CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) Jun 16, 2021
Remote code execution in zendframework and laminas-http Critical
CVE-2021-3007 was published for laminas/laminas-http (Composer) Jun 8, 2021
QOS.ch Logback vulnerable to Deserialization of Untrusted Data Critical
CVE-2017-5929 was published for ch.qos.logback:logback-classic (Maven) Jun 7, 2021
Deserialization of Untrusted Data in Apache Camel RabbitMQ High
CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) May 21, 2021
Insecure deserialization in Wire Critical
CVE-2021-29508 was published for Wire (NuGet) May 19, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Deserialization of Untrusted Data in bson Critical
CVE-2020-7610 was published for bson (npm) May 7, 2021
Object injection in PHPMailer/PHPMailer Critical
CVE-2020-36326 was published for phpmailer/phpmailer (Composer) May 4, 2021
Insecure Deserialization of untrusted data in rmccue/requests Critical
CVE-2021-29476 was published for rmccue/requests (Composer) Apr 29, 2021
xknown whyisjake
Deserialization of Untrusted Data in Archive_Tar High
CVE-2020-28948 was published for pear/archive_tar (Composer) Apr 22, 2021
"Deserialization errors in MyBatis" High
CVE-2020-26945 was published for org.mybatis:mybatis (Maven) Apr 22, 2021
Fixes a bug in Zend Framework's Stream HTTP Wrapper Critical
CVE-2021-21426 was published for openmage/magento-lts (Composer) Apr 22, 2021
Deserialization of Untrusted Data in PyYAML Critical
CVE-2019-20477 was published for pyyaml (pip) Apr 20, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21351 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21350 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) Moderate
CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21347 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21344 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights Moderate
CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Potential remote code execution in Apache Tomcat High
CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database