Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

87 advisories

Loading
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context... Moderate Unreviewed
CVE-2007-1701 was published May 1, 2022
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2016-10304 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2018-15425 was published May 13, 2022
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX... Moderate Unreviewed
CVE-2016-9585 was published May 13, 2022
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the... Moderate Unreviewed
CVE-2016-8653 was published May 13, 2022
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4... Moderate Unreviewed
CVE-2012-3527 was published May 17, 2022
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely... Moderate Unreviewed
CVE-2011-2520 was published May 17, 2022
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and... Moderate Unreviewed
CVE-2019-0305 was published May 24, 2022
In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job... Moderate Unreviewed
CVE-2019-9373 was published May 24, 2022
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3... Moderate Unreviewed
CVE-2019-18631 was published May 24, 2022
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java... Moderate Unreviewed
CVE-2020-2604 was published May 24, 2022
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it... Moderate Unreviewed
CVE-2020-0618 was published May 24, 2022
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component:... Moderate Unreviewed
CVE-2020-2756 was published May 24, 2022
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component:... Moderate Unreviewed
CVE-2020-2757 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted... Moderate Unreviewed
CVE-2020-4271 was published May 24, 2022
The affected product is vulnerable to the handling of serialized data. The issue results from the... Moderate Unreviewed
CVE-2020-12000 was published May 24, 2022
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by... Moderate Unreviewed
CVE-2020-10289 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1414 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1415 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and... Moderate Unreviewed
CVE-2021-1413 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3035 was published May 24, 2022
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary... Moderate Unreviewed
CVE-2021-3040 was published May 24, 2022
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though... Moderate Unreviewed
CVE-2021-34393 was published May 24, 2022
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with... Moderate Unreviewed
CVE-2021-34394 was published May 24, 2022
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with... Moderate Unreviewed
CVE-2021-21488 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database