Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

596 advisories

Loading
Deserialization of Untrusted Data in Gson High
CVE-2022-25647 was published for com.google.code.gson:gson (Maven) May 3, 2022
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote... High Unreviewed
CVE-2020-12133 was published May 24, 2022
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. High Unreviewed
CVE-2022-45077 was published Nov 18, 2022
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via... High Unreviewed
CVE-2022-4043 was published Jan 10, 2023
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve... High Unreviewed
CVE-2020-14172 was published May 24, 2022
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an... High Unreviewed
CVE-2022-3679 was published Jan 10, 2023
Apache Geode unsafe deserialization of application objects High
CVE-2017-15693 was published for org.apache.geode:geode-core (Maven) May 14, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute... High Unreviewed
CVE-2020-4589 was published May 24, 2022
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file,... High Unreviewed
CVE-2022-3417 was published Jan 10, 2023
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote... High Unreviewed
CVE-2020-35488 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2,... High Unreviewed
CVE-2019-4728 was published May 24, 2022
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows... High Unreviewed
CVE-2020-8884 was published May 24, 2022
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x... High Unreviewed
CVE-2020-12525 was published May 24, 2022
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker... High Unreviewed
CVE-2020-4888 was published May 24, 2022
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated... High Unreviewed
CVE-2020-35932 was published May 24, 2022
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all... High Unreviewed
CVE-2020-9301 was published May 24, 2022
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress... High Unreviewed
CVE-2020-35939 was published May 24, 2022
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a... High Unreviewed
CVE-2021-20076 was published May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... High Unreviewed
CVE-2020-10657 was published May 24, 2022
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database... High Unreviewed
CVE-2021-29654 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... High Unreviewed
CVE-2021-25152 was published May 24, 2022
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management... High Unreviewed
CVE-2021-25151 was published May 24, 2022
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such... High Unreviewed
CVE-2021-24280 was published May 24, 2022
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories... High Unreviewed
CVE-2021-33898 was published May 24, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2021-27240 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API