GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Apache Superset Deserialization of Untrusted Data vulnerability
Moderate
CVE-2023-37941
was published
for
apache-superset
(pip)
Sep 6, 2023
Pickle serialization vulnerable to Deserialization of Untrusted Data
High
CVE-2023-23930
was published
for
vantage6
(pip)
Oct 13, 2023
transmute-core unsafe YAML deserialization vulnerability
Critical
CVE-2023-47204
was published
for
transmute-core
(pip)
Nov 2, 2023
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Critical
GHSA-x563-6hqv-26mr
was published
for
ibis-framework
(pip)
Nov 17, 2023
PyArrow: Arbitrary code execution when loading a malicious data file
Critical
CVE-2023-47248
was published
for
pyarrow
(pip)
Nov 9, 2023
Deserialization of Untrusted Data in apache-submarine
Critical
CVE-2023-46302
was published
for
apache-submarine
(pip)
Nov 20, 2023
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
transformers has a Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-6730
was published
for
transformers
(pip)
Dec 19, 2023
transformers has a Deserialization of Untrusted Data vulnerability
High
CVE-2023-7018
was published
for
transformers
(pip)
Dec 20, 2023
Django Tastypie Improper Deserialization of YAML Data
High
CVE-2011-4104
was published
for
django-tastypie
(pip)
May 14, 2022
Unsafe yaml deserialization in llama-hub
Critical
CVE-2024-23730
was published
for
llama-hub
(pip)
Jan 21, 2024
Apache Airflow: pickle deserialization vulnerability in XComs
High
CVE-2023-50943
was published
for
apache-airflow
(pip)
Jan 24, 2024
ai-flow Deserialization of Untrusted Data vulnerability
Moderate
CVE-2024-0960
was published
for
ai-flow
(pip)
Jan 27, 2024
Deserialization of untrusted data in synthcity
Critical
CVE-2024-0937
was published
for
synthcity
(pip)
Jan 26, 2024
OpenStack Object Storage (swift) Code Injection vulnerability
Critical
CVE-2012-4406
was published
for
swift
(pip)
May 17, 2022
OISF suricata-update unsafely deserializes YAML data
High
CVE-2018-1000167
was published
for
suricata-update
(pip)
May 14, 2022
Allegro AI ClearML vulnerable to deserialization of untrusted data
High
CVE-2024-24590
was published
for
clearml
(pip)
Feb 6, 2024
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Moderate
CVE-2024-29032
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
Insecure default config of Celery worker in Apache Airflow
Critical
CVE-2020-11982
was published
for
apache-airflow
(pip)
Jul 27, 2020
Transformers Deserialization of Untrusted Data vulnerability
Low
CVE-2024-3568
was published
for
transformers
(pip)
Apr 10, 2024
jsonpickle unsafe deserialization
Critical
CVE-2020-22083
was published
for
jsonpickle
(pip)
May 24, 2022
rpc.py vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-35411
was published
for
rpc.py
(pip)
Jul 9, 2022
Numpy Deserialization of Untrusted Data
Critical
CVE-2019-6446
was published
for
numpy
(pip)
May 24, 2022
Deserialization vulnerability exists in parso
High
CVE-2019-12760
was published
for
parso
(pip)
Jun 13, 2019
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API