GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
126 advisories
Filter by severity
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Critical
CVE-2017-3159
was published
for
org.apache.camel:camel-snakeyaml
(Maven)
Oct 16, 2018
FasterXML jackson-databind allows unauthenticated remote code execution
Critical
CVE-2018-7489
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Critical
CVE-2018-1295
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Code execution via deserialization in org.apache.ignite:ignite-core
Critical
CVE-2018-8018
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Critical
CVE-2017-12634
was published
for
org.apache.camel:camel-castor
(Maven)
Oct 16, 2018
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Critical
CVE-2016-8749
was published
for
org.apache.camel:camel-jackson
(Maven)
Oct 16, 2018
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Critical
CVE-2016-6809
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Deserialization of Untrusted Data in Bouncy castle
Critical
CVE-2018-1000613
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
Oct 17, 2018
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Critical
CVE-2017-15095
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Critical
CVE-2017-17485
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
Deserialization of Untrusted Data in Pippo
Critical
CVE-2018-18628
was published
for
ro.pippo:pippo-core
(Maven)
Oct 24, 2018
Arbitrary Code Execution in jackson-databind
Critical
CVE-2018-14718
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Critical
CVE-2018-19360
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Critical
CVE-2018-19362
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Arbitrary Code Execution in jackson-databind
Critical
CVE-2018-14719
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Incomplete List of Disallowed Inputs in SOFA-Hessian
Critical
CVE-2019-9212
was published
for
com.alipay.sofa:hessian
(Maven)
Mar 6, 2019
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Critical severity vulnerability that affects org.apache.solr:solr-core
Critical
CVE-2019-0192
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
Deserialization of Untrusted Data and Code Injection in xstream
Critical
CVE-2019-10173
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jul 26, 2019
Deserialization of Untrusted Data in EthereumJ
Critical
CVE-2018-15890
was published
for
org.ethereum:ethereumj-core
(Maven)
Jul 26, 2019
Deserialization of Untrusted Data in Apache Storm
Critical
CVE-2018-11779
was published
for
org.apache.storm:storm-kafka
(Maven)
Aug 1, 2019
ProTip!
Advisories are also available from the
GraphQL API