Java is one of the preferred options of modern developers and has become increasingly prominent with the prevalence of open-source culture. Thanks to its serialization and deserialization features, Java programs can transmit object data between multiple components or systems, which significantly facilitates development. However, these features may also allow attackers to construct gadget chains, leading to Java deserialization vulnerabilities. Because Java deserialization is highly flexible and customizable, finding an exploitable gadget chain is complicated, and confirming the vulnerability usually costs researchers a great deal of effort. To address this problem, in this paper we introduce Tabby, a highly accurate framework that leverages the Soot framework and the Neo4j graph database to find Java deserialization gadget chains. We used Tabby to analyze 248 Jar files, found 80 practical gadget chains, and received 7 CVE-IDs from XStream and Apache Dubbo. Both projects improved their security design to deal with potential security risks.