Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

513 advisories

A?CWE-502:?Deserialization of untrusted data?vulnerability exists?that could allow an attacker... Critical Unreviewed
CVE-2023-5391 was published Oct 4, 2023
Consensys gnark-crypto allows Signature Malleability Critical
CVE-2023-44273 was published for github.com/Consensys/gnark-crypto (Go) Sep 28, 2023
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to... Critical Unreviewed
CVE-2023-43291 was published Sep 27, 2023
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead... Critical Unreviewed
CVE-2023-40619 was published Sep 20, 2023
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier)... Critical Unreviewed
CVE-2023-38204 was published Sep 14, 2023
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-19559 was published Sep 11, 2023
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which... Critical Unreviewed
CVE-2023-0925 was published Sep 6, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to... Critical Unreviewed
CVE-2023-3259 was published Aug 14, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses Critical
CVE-2023-36480 was published for com.aerospike:aerospike-client (Maven) Aug 3, 2023
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute... Critical Unreviewed
CVE-2022-40609 was published Aug 2, 2023
Remote code execution in Apache Jackrabbit Critical
CVE-2023-37895 was published for org.apache.jackrabbit:jackrabbit-standalone (Maven) Jul 25, 2023
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier)... Critical Unreviewed
CVE-2023-38203 was published Jul 20, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message Critical
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven) Jul 17, 2023
raboof
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and... Critical Unreviewed
CVE-2023-29300 was published Jul 12, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
catferq
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that... Critical Unreviewed
CVE-2023-34347 was published Jul 10, 2023
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which... Critical Unreviewed
CVE-2023-1399 was published Jul 6, 2023
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an... Critical Unreviewed
CVE-2023-28323 was published Jul 1, 2023
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8... Critical Unreviewed
CVE-2023-33299 was published Jun 23, 2023
Solon vulnerable to deserialization of untrusted data Critical
CVE-2023-35839 was published for org.noear:solon (Maven) Jun 19, 2023
xxl-rpc deserialization vulnerability Critical
CVE-2023-33496 was published for com.xuxueli:xxl-rpc-core (Maven) Jun 7, 2023
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to... Critical Unreviewed
CVE-2020-36726 was published Jun 7, 2023
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions... Critical Unreviewed
CVE-2020-36727 was published Jun 7, 2023
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in... Critical Unreviewed
CVE-2020-36718 was published Jun 7, 2023
ProTip! Advisories are also available from the GraphQL API