Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

553 advisories

Loading
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be... Critical Unreviewed
CVE-2024-28211 was published Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop... Critical Unreviewed
CVE-2024-24302 was published Mar 3, 2024
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-23052 was published Feb 29, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2023-40057 was published Feb 15, 2024
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue... Critical Unreviewed
CVE-2024-25100 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real... Critical Unreviewed
CVE-2024-24797 was published Feb 12, 2024
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2023-6933 was published Feb 6, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... Critical Unreviewed
CVE-2024-22320 was published Feb 2, 2024
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows... Critical Unreviewed
CVE-2023-51204 was published Jan 31, 2024
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products... Critical Unreviewed
CVE-2024-20253 was published Jan 26, 2024
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n
Remote Command Execution in SOFARPC Critical
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024
yemoli
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization Critical
CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of... Critical Unreviewed
CVE-2023-6049 was published Jan 15, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with... Critical Unreviewed
CVE-2023-52205 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder... Critical Unreviewed
CVE-2023-52202 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with... Critical Unreviewed
CVE-2023-52207 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue... Critical Unreviewed
CVE-2023-52219 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media... Critical Unreviewed
CVE-2023-52225 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment... Critical Unreviewed
CVE-2023-52218 was published Jan 8, 2024
ProTip! Advisories are also available from the GraphQL API