GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,336 advisories
Filter by severity
nukeviet Deserialization of Untrusted Data vulnerability
High
CVE-2024-36528
was published
for
nukeviet/nukeviet
(Composer)
Jun 10, 2024
image-optimizer allows PHAR deserialization
High
CVE-2024-34515
was published
for
spatie/image-optimizer
(Composer)
May 5, 2024
RDoc RCE vulnerability with .rdoc_options
Moderate
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store...
Critical
Unreviewed
CVE-2024-5335
was published
Aug 21, 2024
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected...
Moderate
Unreviewed
CVE-2024-8003
was published
Aug 20, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-5932
was published
Aug 20, 2024
Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue...
Critical
Unreviewed
CVE-2024-43354
was published
Aug 19, 2024
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object...
Critical
Unreviewed
CVE-2024-43242
was published
Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue...
Critical
Unreviewed
CVE-2024-43252
was published
Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This...
Critical
Unreviewed
CVE-2024-37099
was published
Aug 19, 2024
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all...
High
Unreviewed
CVE-2024-5724
was published
Jun 19, 2024
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions...
Moderate
Unreviewed
CVE-2024-5649
was published
Jun 19, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote...
Critical
Unreviewed
CVE-2023-43208
was published
Oct 26, 2023
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code...
Critical
Unreviewed
CVE-2024-28986
was published
Aug 14, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
High
CVE-2024-22871
was published
for
org.clojure:clojure
(Maven)
Feb 29, 2024
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants...
Critical
Unreviewed
CVE-2024-43141
was published
Aug 13, 2024
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
High
Unreviewed
CVE-2024-36131
was published
Aug 7, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute...
Critical
Unreviewed
CVE-2024-28212
was published
Mar 7, 2024
A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical....
Moderate
Unreviewed
CVE-2024-6644
was published
Jul 10, 2024
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared...
Moderate
Unreviewed
CVE-2024-6645
was published
Jul 10, 2024
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2)....
High
Unreviewed
CVE-2023-32737
was published
Jul 9, 2024
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7),...
High
Unreviewed
CVE-2023-32735
was published
Jul 9, 2024
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 ...
High
Unreviewed
CVE-2022-45147
was published
Jul 9, 2024
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7486
was published
Aug 8, 2024
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7560
was published
Aug 8, 2024
ProTip!
Advisories are also available from the
GraphQL API