GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
513 advisories
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker...
Critical
Unreviewed
CVE-2023-5391
was published
Oct 4, 2023
Consensys gnark-crypto allows Signature Malleability
Critical
CVE-2023-44273
was published
for
github.com/Consensys/gnark-crypto
(Go)
Sep 28, 2023
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to...
Critical
Unreviewed
CVE-2023-43291
was published
Sep 27, 2023
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead...
Critical
Unreviewed
CVE-2023-40619
was published
Sep 20, 2023
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier)...
Critical
Unreviewed
CVE-2023-38204
was published
Sep 14, 2023
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary...
Critical
Unreviewed
CVE-2020-19559
was published
Sep 11, 2023
Snappy PHAR deserialization vulnerability
Critical
CVE-2023-41330
was published
for
knplabs/knp-snappy
(Composer)
Sep 8, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which...
Critical
Unreviewed
CVE-2023-0925
was published
Sep 6, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to...
Critical
Unreviewed
CVE-2023-3259
was published
Aug 14, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Critical
CVE-2023-36480
was published
for
com.aerospike:aerospike-client
(Maven)
Aug 3, 2023
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
Critical
Unreviewed
CVE-2022-40609
was published
Aug 2, 2023
Remote code execution in Apache Jackrabbit
Critical
CVE-2023-37895
was published
for
org.apache.jackrabbit:jackrabbit-standalone
(Maven)
Jul 25, 2023
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier)...
Critical
Unreviewed
CVE-2023-38203
was published
Jul 20, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and...
Critical
Unreviewed
CVE-2023-29300
was published
Jul 12, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Critical
CVE-2023-36825
was published
for
orchid/platform
(Composer)
Jul 11, 2023
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that...
Critical
Unreviewed
CVE-2023-34347
was published
Jul 10, 2023
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which...
Critical
Unreviewed
CVE-2023-1399
was published
Jul 6, 2023
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an...
Critical
Unreviewed
CVE-2023-28323
was published
Jul 1, 2023
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8...
Critical
Unreviewed
CVE-2023-33299
was published
Jun 23, 2023
Solon vulnerable to deserialization of untrusted data
Critical
CVE-2023-35839
was published
for
org.noear:solon
(Maven)
Jun 19, 2023
xxl-rpc deserialization vulnerability
Critical
CVE-2023-33496
was published
for
com.xuxueli:xxl-rpc-core
(Maven)
Jun 7, 2023
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to...
Critical
Unreviewed
CVE-2020-36726
was published
Jun 7, 2023
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions...
Critical
Unreviewed
CVE-2020-36727
was published
Jun 7, 2023
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in...
Critical
Unreviewed
CVE-2020-36718
was published
Jun 7, 2023