GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
242 advisories
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
High | GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) | May 30, 2024

TYPO3 CMS Insecure Deserialization
High | GHSA-96jg-pmc4-cx39 was published for typo3/cms-core (Composer) | May 30, 2024

Laravel Cookie serialization vulnerability
High | GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) | May 15, 2024

Laravel Cookie serialization vulnerability
High | GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) | May 15, 2024

Apache Inlong Deserialization of Untrusted Data vulnerability
High | CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) | May 8, 2024

image-optimizer allows PHAR deserialization
High | CVE-2024-34515 was published for spatie/image-optimizer (Composer) | May 5, 2024

sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
High | CVE-2024-34072 was published for sagemaker (pip) | May 3, 2024

timber/timber vulnerable to Deserialization of Untrusted Data
High | CVE-2024-29800 was published for timber/timber (Composer) | Apr 12, 2024

Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
High | CVE-2024-22871 was published for org.clojure:clojure (Maven) | Feb 29, 2024

Deserialization of Untrusted Data in Apache Camel SQL
High | CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) | Feb 20, 2024

Deserialization of Untrusted Data in Apache Camel CassandraQL
High | CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) | Feb 20, 2024

Allegro AI ClearML vulnerable to deserialization of untrusted data
High | CVE-2024-24590 was published for clearml (pip) | Feb 6, 2024

Apache Airflow: pickle deserialization vulnerability in XComs
High | CVE-2023-50943 was published for apache-airflow (pip) | Jan 24, 2024

Apache InLong Manager Arbitrary File Read Vulnerability
High | CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) | Jan 3, 2024

Apache IoTDB: Unsafe deserialize map in Sync Tool
High | CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) | Dec 21, 2023

transformers has a Deserialization of Untrusted Data vulnerability
High | CVE-2023-7018 was published for transformers (pip) | Dec 20, 2023

Bypass serialize checks in Apache Dubbo
High | CVE-2023-29234 was published for org.apache.dubbo:dubbo (Maven) | Dec 15, 2023

logback serialization vulnerability
High | CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) | Nov 29, 2023

Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High | CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) | Nov 28, 2023

yiisoft/yii deserializing untrusted user input can lead to remote code execution
High | CVE-2023-47130 was published for yiisoft/yii (Composer) | Nov 14, 2023

Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High | CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) | Nov 8, 2023

Apache InLong Deserialization of Untrusted Data Vulnerability
High | CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven) | Oct 19, 2023

Pickle serialization vulnerable to Deserialization of Untrusted Data
High | CVE-2023-23930 was published for vantage6 (pip) | Oct 13, 2023