This site hosts a number of tables representing the presence of remote code execution vulnerabilities in Java deserialization when combining versions of the Java Virtual Machine and versions of libraries. Each table corresponds to a payload of the research tool ysoserial, which can be utilized to detect these vulnerabilities. As such, the libraries tested for each payload are the libraries included in each ysoserial attack, though there are a couple that don't use any libraries at all.
For each table, the rows represent a version of the JVM (218 in total), and the columns represent a version of a library. If the combination of these two led to the presence of an RCE vulnerability during deserialization, the cell will be colored red. If not, the cell will be colored green.
Libraries included: BeanShell.
Libraries included: Click Nodeps, Javax Servlet API.
Libraries included: Clojure.
Libraries included: Commons BeanUtils, Commons Collections, Commons Logging.
Libraries included: Commons Collections.
Libraries included: Commons Collections 4.
Libraries included: Commons Collections.
Libraries included: Commons Collections 4.
Libraries included: Commons Collections.
Libraries included: Commons Collections.
Libraries included: Commons Collections.
Libraries included: Groovy.
Libraries included: None.
Libraries included: None.
Libraries included: None.
Libraries included: Json-Lib, Spring AOP, AOP Alliance, Commons Logging, Commons Lang, Ezmorph, Commons BeanUtils, Spring Core, Commons Collections.
Libraries included: None.
Libraries included: Rhino.
Libraries included: Rhino.
Libraries included: None.
Libraries included: Rome.
Libraries included: Spring Core, Spring Beans.
Libraries included: Spring Core, Spring AOP, AOP Alliance, Commons Logging.
Libraries included: Vaadin Server, Vaadin Shared.