Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,336 advisories

Loading
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
image-optimizer allows PHAR deserialization High
CVE-2024-34515 was published for spatie/image-optimizer (Composer) May 5, 2024
RDoc RCE vulnerability with .rdoc_options Moderate
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store... Critical Unreviewed
CVE-2024-5335 was published Aug 21, 2024
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected... Moderate Unreviewed
CVE-2024-8003 was published Aug 20, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-5932 was published Aug 20, 2024
Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue... Critical Unreviewed
CVE-2024-43354 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object... Critical Unreviewed
CVE-2024-43242 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue... Critical Unreviewed
CVE-2024-43252 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This... Critical Unreviewed
CVE-2024-37099 was published Aug 19, 2024
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-5724 was published Jun 19, 2024
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions... Moderate Unreviewed
CVE-2024-5649 was published Jun 19, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote... Critical Unreviewed
CVE-2023-43208 was published Oct 26, 2023
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code... Critical Unreviewed
CVE-2024-28986 was published Aug 14, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants... Critical Unreviewed
CVE-2024-43141 was published Aug 13, 2024
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an... High Unreviewed
CVE-2024-36131 was published Aug 7, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute... Critical Unreviewed
CVE-2024-28212 was published Mar 7, 2024
A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical.... Moderate Unreviewed
CVE-2024-6644 was published Jul 10, 2024
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared... Moderate Unreviewed
CVE-2024-6645 was published Jul 10, 2024
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2).... High Unreviewed
CVE-2023-32737 was published Jul 9, 2024
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7),... High Unreviewed
CVE-2023-32735 was published Jul 9, 2024
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 ... High Unreviewed
CVE-2022-45147 was published Jul 9, 2024
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7486 was published Aug 8, 2024
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7560 was published Aug 8, 2024
ProTip! Advisories are also available from the GraphQL API