Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

882 advisories

Loading
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on... Critical Unreviewed
CVE-2021-3838 was published Nov 15, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to... Critical Unreviewed
CVE-2024-37285 was published Nov 14, 2024
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-10962 was published Nov 14, 2024
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to... High Unreviewed
CVE-2024-43080 was published Nov 13, 2024
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution... High Unreviewed
CVE-2024-10013 was published Nov 13, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack... High Unreviewed
CVE-2024-10012 was published Nov 13, 2024
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-10828 was published Nov 13, 2024
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session... Moderate Unreviewed
CVE-2024-8069 was published Nov 12, 2024
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910... Critical Unreviewed
CVE-2024-44102 was published Nov 12, 2024
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM... High Unreviewed
CVE-2023-32736 was published Nov 12, 2024
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected... Low Unreviewed
CVE-2024-10749 was published Nov 4, 2024
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a... Critical Unreviewed
CVE-2024-10456 was published Oct 30, 2024
Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS.DownloadList allows Object... Critical Unreviewed
CVE-2024-50507 was published Oct 30, 2024
A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of... Critical Unreviewed
CVE-2024-48206 was published Oct 29, 2024
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. Critical Unreviewed
CVE-2024-48063 was published Oct 29, 2024
Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object... High Unreviewed
CVE-2024-50408 was published Oct 28, 2024
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for... High Unreviewed
CVE-2024-50416 was published Oct 28, 2024
Deserialization of Untrusted Data vulnerability in Revmakx Backup and Staging by WP Time Capsule... High Unreviewed
CVE-2024-49684 was published Oct 23, 2024
Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components... Critical Unreviewed
CVE-2024-49625 was published Oct 20, 2024
Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows... Critical Unreviewed
CVE-2024-49624 was published Oct 20, 2024
Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows... Critical Unreviewed
CVE-2024-49626 was published Oct 20, 2024
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This... Critical Unreviewed
CVE-2024-49332 was published Oct 20, 2024
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up... High Unreviewed
CVE-2024-10079 was published Oct 18, 2024
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object... Critical Unreviewed
CVE-2024-49318 was published Oct 17, 2024
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object... Critical Unreviewed
CVE-2024-49218 was published Oct 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database