Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
jackson-databind is vulnerable to a deserialization flaw Critical
CVE-2017-7525 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization Critical
CVE-2017-3159 was published for org.apache.camel:camel-snakeyaml (Maven) Oct 16, 2018
sunSUNQ
FasterXML jackson-databind allows unauthenticated remote code execution Critical
CVE-2018-7489 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal Critical
CVE-2017-12611 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
sunSUNQ
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation Critical
CVE-2017-12634 was published for org.apache.camel:camel-castor (Maven) Oct 16, 2018
sunSUNQ
Apache is vulnerable to XXE in XSD validation processor Critical
CVE-2018-8027 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands Critical
CVE-2015-5344 was published for org.apache.camel:camel-xstream (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks Critical
CVE-2016-8749 was published for org.apache.camel:camel-jackson (Maven) Oct 16, 2018
sunSUNQ
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Improperly Implemented Security Check for Standard in org.springframework:spring-core Critical
CVE-2018-1275 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution Critical
CVE-2017-15095 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass Critical
CVE-2017-17485 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-11307 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 16, 2019
sunSUNQ
Polymorphic Typing issue in FasterXML jackson-databind Critical
CVE-2019-14540 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Sep 23, 2019
sunSUNQ
Polymorphic Typing in FasterXML jackson-databind Critical
CVE-2019-16942 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 28, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2019-20330 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 4, 2020
westonsteimel sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9548 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Insecure default config of Celery worker in Apache Airflow Critical
CVE-2020-11982 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
SQL Injection in Django Critical
CVE-2021-35042 was published for Django (pip) Sep 22, 2021
sunSUNQ
Remote code execution in Apache ActiveMQ Critical
CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Path traversal in Pillow Critical
CVE-2022-24303 was published for Pillow (pip) Mar 11, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API