Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

579 advisories

Loading
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y... Critical Unreviewed
CVE-2023-51414 was published Dec 29, 2023
Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for... Critical Unreviewed
CVE-2023-51505 was published Dec 29, 2023
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live... Critical Unreviewed
CVE-2023-51422 was published Dec 29, 2023
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects... Critical Unreviewed
CVE-2022-34268 was published Dec 25, 2023
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects... Critical Unreviewed
CVE-2023-49778 was published Dec 21, 2023
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce... Critical Unreviewed
CVE-2023-32242 was published Dec 21, 2023
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue... Critical Unreviewed
CVE-2023-49773 was published Dec 20, 2023
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love... Critical Unreviewed
CVE-2023-49772 was published Dec 20, 2023
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Critical
CVE-2023-46279 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
Solon is vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-48967 was published for org.noear:solon (Maven) Dec 4, 2023
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands... Critical Unreviewed
CVE-2023-48886 was published Dec 2, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request Critical
CVE-2023-48887 was published for org.jupiter-rpc:jupiter-rpc (Maven) Dec 2, 2023
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an... Critical Unreviewed
CVE-2023-47207 was published Dec 1, 2023
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute... Critical Unreviewed
CVE-2023-46990 was published Nov 20, 2023
Deserialization of Untrusted Data in apache-submarine Critical
CVE-2023-46302 was published for apache-submarine (pip) Nov 20, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file Critical
GHSA-x563-6hqv-26mr was published for ibis-framework (pip) Nov 17, 2023
pitrou
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an... Critical Unreviewed
CVE-2023-44353 was published Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an... Critical Unreviewed
CVE-2023-44351 was published Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an... Critical Unreviewed
CVE-2023-44350 was published Nov 17, 2023
PyArrow: Arbitrary code execution when loading a malicious data file Critical
CVE-2023-47248 was published for pyarrow (pip) Nov 9, 2023
pitrou r3kumar
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core... Critical Unreviewed
CVE-2023-46817 was published Nov 3, 2023
transmute-core unsafe YAML deserialization vulnerability Critical
CVE-2023-47204 was published for transmute-core (pip) Nov 2, 2023
josefkorbel r3kumar
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of... Critical Unreviewed
CVE-2023-47174 was published Oct 31, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database