GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
606 advisories
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop...
Critical, Unreviewed. CVE-2024-24302 was published Mar 3, 2024

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute...
Critical, Unreviewed. CVE-2024-23052 was published Feb 29, 2024

Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical. CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024

Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical. GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024

Deserialization of Untrusted Data in Torrentpier
Critical. CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution...
Critical, Unreviewed. CVE-2023-40057 was published Feb 15, 2024

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue...
Critical, Unreviewed. CVE-2024-25100 was published Feb 12, 2024

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real...
Critical, Unreviewed. CVE-2024-24797 was published Feb 12, 2024

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all...
Critical, Unreviewed. CVE-2023-6933 was published Feb 6, 2024

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could...
Critical, Unreviewed. CVE-2024-22320 was published Feb 2, 2024

Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows...
Critical, Unreviewed. CVE-2023-51204 was published Jan 31, 2024

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products...
Critical, Unreviewed. CVE-2024-20253 was published Jan 26, 2024

Deserialization of untrusted data in synthcity
Critical. CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024

Remote Command Execution in SOFARPC
Critical. CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024

Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Critical. CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024

Unsafe yaml deserialization in llama-hub
Critical. CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of...
Critical, Unreviewed. CVE-2023-6049 was published Jan 15, 2024

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder...
Critical, Unreviewed. CVE-2023-52202 was published Jan 8, 2024

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with...
Critical, Unreviewed. CVE-2023-52205 was published Jan 8, 2024

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with...
Critical, Unreviewed. CVE-2023-52207 was published Jan 8, 2024

Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment...
Critical, Unreviewed. CVE-2023-52218 was published Jan 8, 2024

Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media...
Critical, Unreviewed. CVE-2023-52225 was published Jan 8, 2024

Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue...
Critical, Unreviewed. CVE-2023-52219 was published Jan 8, 2024

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows...
Critical, Unreviewed. CVE-2023-49442 was published Jan 3, 2024

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects...
Critical, Unreviewed. CVE-2023-52181 was published Dec 31, 2023

ProTip! Advisories are also available from the GraphQL API.