Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,394 advisories

Loading
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) Moderate
CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21347 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21344 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Potential remote code execution in Apache Tomcat High
CVE-2021-25329 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 19, 2021
Execution of untrusted code through config file Moderate
CVE-2021-21371 was published for tenable-jira-cloud (pip) Mar 10, 2021
abhiabhi2306 v1dhun
Deserialization of untrusted data in jackson-databind High
CVE-2021-20190 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 20, 2021
sharonbz sunSUNQ
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
Unsafe deserialization in Yii 2 High
CVE-2020-15148 was published for yiisoft/yii2 (Composer) Sep 15, 2020
nt0xa
Insecure serialization leading to RCE in serialize-javascript High
CVE-2020-7660 was published for serialize-javascript (npm) Aug 11, 2020
Code execution in Spring Integration Critical
CVE-2020-5413 was published for org.springframework.integration:spring-integration-core (Maven) Aug 5, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Remote Code Execution in scratch-vm Critical
CVE-2020-14000 was published for scratch-vm (npm) Jul 27, 2020
Insecure default config of Celery worker in Apache Airflow Critical
CVE-2020-11982 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14061 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14062 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
mpihelgas
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14060 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14195 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ
ProTip! Advisories are also available from the GraphQL API