Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

579 advisories

Loading
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2023-40057 was published Feb 15, 2024
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue... Critical Unreviewed
CVE-2024-25100 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real... Critical Unreviewed
CVE-2024-24797 was published Feb 12, 2024
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2023-6933 was published Feb 6, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... Critical Unreviewed
CVE-2024-22320 was published Feb 2, 2024
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows... Critical Unreviewed
CVE-2023-51204 was published Jan 31, 2024
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products... Critical Unreviewed
CVE-2024-20253 was published Jan 26, 2024
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n
Remote Command Execution in SOFARPC Critical
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024
yemoli
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization Critical
CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of... Critical Unreviewed
CVE-2023-6049 was published Jan 15, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with... Critical Unreviewed
CVE-2023-52205 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder... Critical Unreviewed
CVE-2023-52202 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with... Critical Unreviewed
CVE-2023-52207 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media... Critical Unreviewed
CVE-2023-52225 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue... Critical Unreviewed
CVE-2023-52219 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment... Critical Unreviewed
CVE-2023-52218 was published Jan 8, 2024
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows... Critical Unreviewed
CVE-2023-49442 was published Jan 3, 2024
Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes... Critical Unreviewed
CVE-2023-52182 was published Dec 31, 2023
Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This... Critical Unreviewed
CVE-2023-49777 was published Dec 31, 2023
Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects... Critical Unreviewed
CVE-2023-52181 was published Dec 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database