GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
370 advisories
Filter by severity
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress...
High
Unreviewed
CVE-2020-35939
was published
May 24, 2022
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated...
High
Unreviewed
CVE-2020-35932
was published
May 24, 2022
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all...
High
Unreviewed
CVE-2020-9301
was published
May 24, 2022
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE...
High
Unreviewed
CVE-2020-17144
was published
May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the...
High
Unreviewed
CVE-2020-4280
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25258
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It...
High
Unreviewed
CVE-2020-25260
was published
May 24, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses...
High
Unreviewed
CVE-2020-25259
was published
May 24, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute...
High
Unreviewed
CVE-2020-4589
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve...
High
Unreviewed
CVE-2020-14172
was published
May 24, 2022
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates...
High
Unreviewed
CVE-2020-14933
was published
May 24, 2022
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution...
High
Unreviewed
CVE-2019-16112
was published
May 24, 2022
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated...
High
Unreviewed
CVE-2020-5741
was published
May 24, 2022
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote...
High
Unreviewed
CVE-2020-12133
was published
May 24, 2022
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of...
High
Unreviewed
CVE-2020-10189
was published
May 24, 2022
A remote code execution vulnerability exists in Microsoft Exchange software when the software...
High
Unreviewed
CVE-2020-0688
was published
May 24, 2022
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching...
High
Unreviewed
CVE-2020-2555
was published
May 24, 2022
An attacker who has already compromised the local system could use TinyWall Controller to gain...
High
Unreviewed
CVE-2019-19470
was published
May 24, 2022
An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open...
High
Unreviewed
CVE-2019-19909
was published
May 24, 2022
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The...
High
Unreviewed
CVE-2019-18283
was published
May 24, 2022
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization...
High
Unreviewed
CVE-2019-18935
was published
May 24, 2022
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data...
High
Unreviewed
CVE-2019-18601
was published
May 24, 2022
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE...
High
Unreviewed
CVE-2019-17080
was published
May 24, 2022
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30,...
High
Unreviewed
CVE-2019-11666
was published
May 24, 2022
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via...
High
Unreviewed
CVE-2017-18604
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API