Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

606 advisories

Loading
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024... Critical Unreviewed
CVE-2024-29847 was published Sep 12, 2024
Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. Critical Unreviewed
CVE-2023-37227 was published Sep 10, 2024
ThinkPHP deserialization vulnerability Critical
CVE-2024-44902 was published for topthink/framework (Composer) Sep 9, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to... Critical Unreviewed
CVE-2024-37288 was published Sep 9, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an... Critical Unreviewed
CVE-2024-40711 was published Sep 7, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to... Critical Unreviewed
CVE-2024-45758 was published Sep 6, 2024
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-8016 was published Aug 30, 2024
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This... Critical Unreviewed
CVE-2024-43931 was published Aug 29, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store... Critical Unreviewed
CVE-2024-8030 was published Aug 28, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store... Critical Unreviewed
CVE-2024-5335 was published Aug 21, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-5932 was published Aug 20, 2024
Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue... Critical Unreviewed
CVE-2024-43354 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object... Critical Unreviewed
CVE-2024-43242 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue... Critical Unreviewed
CVE-2024-43252 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This... Critical Unreviewed
CVE-2024-37099 was published Aug 19, 2024
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code... Critical Unreviewed
CVE-2024-28986 was published Aug 14, 2024
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants... Critical Unreviewed
CVE-2024-43141 was published Aug 13, 2024
Redisson vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-42809 was published for org.redisson:redisson (Maven) Aug 5, 2024
XXL-RPC Deserialization of Untrusted Data vulnerability Critical
CVE-2023-45146 was published for com.xuxueli:xxl-rpc-core (Maven) Aug 5, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code... Critical Unreviewed
CVE-2024-6327 was published Jul 24, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ... Critical Unreviewed
CVE-2024-6794 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that... Critical Unreviewed
CVE-2024-6793 was published Jul 22, 2024
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access... Critical Unreviewed
CVE-2024-28074 was published Jul 17, 2024
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote... Critical Unreviewed
CVE-2024-5671 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database