GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
509 advisories
Filter by severity
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro-parent
(Maven)
Oct 3, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
Reverb use after free vulnerability
Moderate
CVE-2024-8375
was published
for
dm-reverb
(pip)
Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
sqlitedict insecure deserialization vulnerability
High
CVE-2024-35515
was published
for
sqlitedict
(pip)
Sep 18, 2024
LangChain pickle deserialization of untrusted data
Moderate
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
High
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45853
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45852
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45854
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45855
was published
for
mindsdb
(pip)
Sep 12, 2024
Cleanlab Deserialization of Untrusted Data vulnerability
High
CVE-2024-45857
was published
for
cleanlab
(pip)
Sep 12, 2024
ThinkPHP deserialization vulnerability
Critical
CVE-2024-44902
was published
for
topthink/framework
(Composer)
Sep 9, 2024
XXL-RPC Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-45146
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Aug 5, 2024
Redisson vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-42809
was published
for
org.redisson:redisson
(Maven)
Aug 5, 2024
H2O vulnerable to Deserialization of Untrusted Data
High
CVE-2024-6960
was published
for
ai.h2o:h2o-core
(Maven)
Jul 21, 2024
TorrentPier Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-40624
was published
for
torrentpier/torrentpier
(Composer)
Jul 15, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
High
CVE-2023-49566
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability
High
CVE-2023-46801
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
ntlk unsafe deserialization vulnerability
High
CVE-2024-39705
was published
for
nltk
(pip)
Jun 28, 2024
nukeviet Deserialization of Untrusted Data vulnerability
High
CVE-2024-36528
was published
for
nukeviet/nukeviet
(Composer)
Jun 10, 2024
By-passing Protection of PharStreamWrapper Interceptor
Moderate
GHSA-4v5g-8pq2-32m2
was published
for
typo3/phar-stream-wrapper
(Composer)
Jun 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
High
GHSA-ppgf-8745-8pgx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Insecure Deserialization in TYPO3 CMS
High
GHSA-8h28-f46f-m87h
was published
for
typo3/cms
(Composer)
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API