Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Loading
jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray) High
CVE-2026-54513 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
omkhar Credited to omkhar
jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation High
CVE-2026-54512 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
caveeroo Credited to caveeroo, omkhar, and 75ACOL omkhar omkhar
75ACOL 75ACOL
Apache Kylin vulnerable to Command injection by Useless configuration High
CVE-2022-43396 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ Credited to sunSUNQ
ProTip! Advisories are also available from the GraphQL API