Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization High
CVE-2026-41731 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026
oscerd Credited to oscerd
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection High
CVE-2025-27511 was published for org.geoserver.extension:gs-db2 (Maven) Jun 11, 2026
H4cking2theGate Credited to H4cking2theGate, jodygarnett, and aaime jodygarnett jodygarnett
aaime aaime
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
camel-infinispan Vulnerable to Deserialization of Untrusted Data High
CVE-2026-6857 was published for org.apache.camel:camel-infinispan (Maven) Apr 22, 2026
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz Credited to AdamKorcz, sonnyhcl, sunSUNQ, pjfanning, and albertabiev1 sonnyhcl sonnyhcl
sunSUNQ sunSUNQ pjfanning pjfanning albertabiev1 albertabiev1
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 21, 2020
sunSUNQ Credited to sunSUNQ and aruneko aruneko aruneko
Unsafe Deserialization in jackson-databind High
CVE-2020-36183 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14062 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
mpihelgas Credited to mpihelgas
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14060 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data High
CVE-2026-40858 was published for org.apache.camel:camel-infinispan (Maven) Apr 27, 2026
Camel-MINA Vulnerable to Deserialization of Untrusted Data High
CVE-2026-40473 was published for org.apache.camel:camel-mina (Maven) Apr 27, 2026
Camel-PQC Vulnerable to Deserialization of Untrusted Data High
CVE-2026-40048 was published for org.apache.camel:camel-pqc (Maven) Apr 27, 2026
Apache Storm: Deserialization of Untrusted Data vulnerability High
CVE-2026-35337 was published for org.apache.storm:storm-client (Maven) Apr 13, 2026
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Apache Spark: Spark History Server Code Execution Vulnerability High
CVE-2025-54920 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 16, 2026
JasperReports has a Java deserialisation vulnerability High
CVE-2025-10492 was published for net.sf.jasperreports:jasperreports (Maven) Sep 16, 2025
tremblaysimon Credited to tremblaysimon and rfc-st rfc-st rfc-st
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property High
CVE-2026-27830 was published for com.mchange:c3p0 (Maven) Feb 25, 2026
dpp Credited to dpp
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
Apache Camel Deserializes Untrusted Data in its LevelDB Component High
CVE-2026-25747 was published for org.apache.camel:camel-leveldb (Maven) Feb 23, 2026
Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization High
CVE-2025-66524 was published for org.apache.nifi:nifi-asana-processors (Maven) Dec 19, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability High
CVE-2025-26866 was published for org.apache.hugegraph:hg-pd-core (Maven) Dec 12, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka_2.11 (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka_2.10 (Maven) Jun 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database