GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
579 advisories
Filter by severity
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live...
Critical
Unreviewed
CVE-2023-51422
was published
Dec 29, 2023
Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This...
Critical
Unreviewed
CVE-2023-51470
was published
Dec 29, 2023
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y...
Critical
Unreviewed
CVE-2023-51414
was published
Dec 29, 2023
Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for...
Critical
Unreviewed
CVE-2023-51505
was published
Dec 29, 2023
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects...
Critical
Unreviewed
CVE-2022-34268
was published
Dec 25, 2023
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce...
Critical
Unreviewed
CVE-2023-32242
was published
Dec 21, 2023
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects...
Critical
Unreviewed
CVE-2023-49778
was published
Dec 21, 2023
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love...
Critical
Unreviewed
CVE-2023-49772
was published
Dec 20, 2023
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue...
Critical
Unreviewed
CVE-2023-49773
was published
Dec 20, 2023
transformers has a Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-6730
was published
for
transformers
(pip)
Dec 19, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Critical
CVE-2023-46279
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
Solon is vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-48967
was published
for
org.noear:solon
(Maven)
Dec 4, 2023
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2023-48886
was published
Dec 2, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Critical
CVE-2023-48887
was published
for
org.jupiter-rpc:jupiter-rpc
(Maven)
Dec 2, 2023
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an...
Critical
Unreviewed
CVE-2023-47207
was published
Dec 1, 2023
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute...
Critical
Unreviewed
CVE-2023-46990
was published
Nov 20, 2023
Deserialization of Untrusted Data in apache-submarine
Critical
CVE-2023-46302
was published
for
apache-submarine
(pip)
Nov 20, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Critical
GHSA-x563-6hqv-26mr
was published
for
ibis-framework
(pip)
Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an...
Critical
Unreviewed
CVE-2023-44353
was published
Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an...
Critical
Unreviewed
CVE-2023-44350
was published
Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an...
Critical
Unreviewed
CVE-2023-44351
was published
Nov 17, 2023
PyArrow: Arbitrary code execution when loading a malicious data file
Critical
CVE-2023-47248
was published
for
pyarrow
(pip)
Nov 9, 2023
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core...
Critical
Unreviewed
CVE-2023-46817
was published
Nov 3, 2023
transmute-core unsafe YAML deserialization vulnerability
Critical
CVE-2023-47204
was published
for
transmute-core
(pip)
Nov 2, 2023
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of...
Critical
Unreviewed
CVE-2023-47174
was published
Oct 31, 2023
ProTip!
Advisories are also available from the
GraphQL API