CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Unsafe deserialization vulnerabilities

insecure deserialization49 advisories47 exploitedlatest 2026-07-05

Unsafe deserialization occurs when untrusted data is deserialized into live objects — in Java, .NET, PHP or Python — letting attackers instantiate gadget chains that end in code execution. Almost every advisory in this class is effectively an RCE, which its exploitation rate reflects.

Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged unsafe deserialization, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.

Latest unsafe deserialization advisories

Other vulnerability classes

Remote code execution (988)Privilege escalation (451)Authentication bypass (366)Denial of service (600)Information disclosure (405)Memory corruption (244)Path traversal (100)Code injection (92)Cross-site scripting (110)SQL injection (51)Server-side request forgery (37)