CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4800 vulnerabilities reference this CWE, most recent first.
GHSA-RGGG-JP6V-H52J
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2025-33214"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:49Z",
"severity": "HIGH"
},
"details": "NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.",
"id": "GHSA-rggg-jp6v-h52j",
"modified": "2025-12-09T18:30:45Z",
"published": "2025-12-09T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33214"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5739"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGQ9-FQF5-FV58
Vulnerability from github – Published: 2026-03-12 12:30 – Updated: 2026-04-07 22:14SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.5.9"
},
"package": {
"ecosystem": "PyPI",
"name": "sglang"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-3059"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-12T17:38:58Z",
"nvd_published_at": "2026-03-12T12:15:59Z",
"severity": "CRITICAL"
},
"details": "SGLang\u0027s multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.",
"id": "GHSA-rgq9-fqf5-fv58",
"modified": "2026-04-07T22:14:24Z",
"published": "2026-03-12T12:30:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3059"
},
{
"type": "WEB",
"url": "https://github.com/sgl-project/sglang/pull/20904"
},
{
"type": "PACKAGE",
"url": "https://github.com/sgl-project/sglang"
},
{
"type": "WEB",
"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"
},
{
"type": "WEB",
"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"
},
{
"type": "WEB",
"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SGLang\u0027s multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker"
}
GHSA-RGQ9-RG7J-XM4X
Vulnerability from github – Published: 2025-05-13 03:31 – Updated: 2025-10-22 00:33SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
{
"affected": [],
"aliases": [
"CVE-2025-42999"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T01:15:48Z",
"severity": "CRITICAL"
},
"details": "SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.",
"id": "GHSA-rgq9-rg7j-xm4x",
"modified": "2025-10-22T00:33:18Z",
"published": "2025-05-13T03:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42999"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3604119"
},
{
"type": "WEB",
"url": "https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-42999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGV9-Q543-RQG4
Vulnerability from github – Published: 2022-10-03 00:00 – Updated: 2026-05-21 00:22In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. This issue can only happen when the UNWRAP_SINGLE_VALUE_ARRAYS feature is explicitly enabled.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0-rc1"
},
{
"fixed": "2.12.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.13.0"
},
{
"fixed": "2.13.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-42004"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-04T21:56:21Z",
"nvd_published_at": "2022-10-02T05:15:00Z",
"severity": "HIGH"
},
"details": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. This issue can only happen when the `UNWRAP_SINGLE_VALUE_ARRAYS` feature is explicitly enabled.",
"id": "GHSA-rgv9-q543-rqg4",
"modified": "2026-05-21T00:22:42Z",
"published": "2022-10-03T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"type": "PACKAGE",
"url": "https://github.com/FasterXML/jackson-databind"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221118-0008"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Uncontrolled Resource Consumption in FasterXML jackson-databind"
}
GHSA-RGVC-FQR7-3HVM
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 15:30Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4.
{
"affected": [],
"aliases": [
"CVE-2026-32509"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:17:03Z",
"severity": "MODERATE"
},
"details": "Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through \u003c 1.4.",
"id": "GHSA-rgvc-fqr7-3hvm",
"modified": "2026-03-26T15:30:34Z",
"published": "2026-03-25T18:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32509"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/gracey/vulnerability/wordpress-gracey-theme-1-4-arbitrary-object-instantiation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RH47-6J8G-CR2X
Vulnerability from github – Published: 2023-04-28 00:30 – Updated: 2024-04-04 03:43Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
{
"affected": [],
"aliases": [
"CVE-2023-1967"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-27T22:15:09Z",
"severity": "CRITICAL"
},
"details": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. ",
"id": "GHSA-rh47-6j8g-cr2x",
"modified": "2024-04-04T03:43:08Z",
"published": "2023-04-28T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1967"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RH4J-5RHW-HR54
Vulnerability from github – Published: 2025-01-27 20:50 – Updated: 2025-06-30 12:52Description
The vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weights_only parameter is default value False. There is a security warning on https://pytorch.org/docs/stable/generated/torch.load.html, when torch.load load a malicious pickle data it will execute arbitrary code during unpickling.
Impact
This vulnerability can be exploited to execute arbitrary codes and OS commands in the victim machine who fetch the pretrained repo remotely.
Note that most models now use the safetensors format, which is not vulnerable to this issue.
References
- https://pytorch.org/docs/stable/generated/torch.load.html
- Fix: https://github.com/vllm-project/vllm/pull/12366
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24357"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T20:50:30Z",
"nvd_published_at": "2025-01-27T18:15:41Z",
"severity": "HIGH"
},
"details": "### Description\nThe vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weights_only parameter is default value False. There is a security warning on https://pytorch.org/docs/stable/generated/torch.load.html, when torch.load load a malicious pickle data it will execute arbitrary code during unpickling.\n\n### Impact\nThis vulnerability can be exploited to execute arbitrary codes and OS commands in the victim machine who fetch the pretrained repo remotely.\n\nNote that most models now use the safetensors format, which is not vulnerable to this issue.\n\n### References\n* https://pytorch.org/docs/stable/generated/torch.load.html\n* Fix: https://github.com/vllm-project/vllm/pull/12366",
"id": "GHSA-rh4j-5rhw-hr54",
"modified": "2025-06-30T12:52:27Z",
"published": "2025-01-27T20:50:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24357"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/pull/12366"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-58.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vllm-project/vllm"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.7.0"
},
{
"type": "WEB",
"url": "https://pytorch.org/docs/stable/generated/torch.load.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator"
}
GHSA-RHQJ-C64H-W74R
Vulnerability from github – Published: 2025-08-14 15:30 – Updated: 2025-10-22 00:33Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
{
"affected": [],
"aliases": [
"CVE-2025-8875"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T15:15:43Z",
"severity": "CRITICAL"
},
"details": "Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.",
"id": "GHSA-rhqj-c64h-w74r",
"modified": "2025-10-22T00:33:19Z",
"published": "2025-08-14T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8875"
},
{
"type": "WEB",
"url": "https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8875"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RHRV-645H-FJFH
Vulnerability from github – Published: 2023-09-29 18:30 – Updated: 2025-07-31 14:22When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.avro:avro"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-39410"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-29T22:06:14Z",
"nvd_published_at": "2023-09-29T17:15:46Z",
"severity": "HIGH"
},
"details": "When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.",
"id": "GHSA-rhrv-645h-fjfh",
"modified": "2025-07-31T14:22:32Z",
"published": "2023-09-29T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"type": "WEB",
"url": "https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/avro"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/09/29/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Avro Java SDK vulnerable to Improper Input Validation"
}
GHSA-RJ2H-5W53-CG32
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.
{
"affected": [],
"aliases": [
"CVE-2021-40719"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-21T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.",
"id": "GHSA-rj2h-5w53-cg32",
"modified": "2022-05-24T19:18:25Z",
"published": "2022-05-24T19:18:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40719"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/connect/apsb21-91.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.