Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in... Critical Unreviewed
CVE-2020-36718 was published Jun 7, 2023
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote... Critical Unreviewed
CVE-2023-27068 was published May 23, 2023
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due... Critical Unreviewed
CVE-2023-32336 was published May 22, 2023
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX... Critical Unreviewed
CVE-2023-1650 was published May 8, 2023
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently... Critical Unreviewed
CVE-2023-1967 was published Apr 28, 2023
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ... Critical Unreviewed
CVE-2023-20853 was published Apr 27, 2023
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ... Critical Unreviewed
CVE-2023-20852 was published Apr 27, 2023
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated,... Critical Unreviewed
CVE-2023-20864 was published Apr 20, 2023
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to... Critical Unreviewed
CVE-2021-28254 was published Apr 19, 2023
** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulnerability in Adobe LiveCycle... Critical Unreviewed
CVE-2023-28500 was published Apr 6, 2023
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-29312 was published Apr 4, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36977 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36974 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36978 was published Mar 29, 2023
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in... Critical Unreviewed
CVE-2023-1133 was published Mar 27, 2023
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are... Critical Unreviewed
CVE-2023-26359 was published Mar 23, 2023
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure... Critical Unreviewed
CVE-2023-28667 was published Mar 22, 2023
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code... Critical Unreviewed
CVE-2023-26779 was published Mar 4, 2023
Unauthenticated Java deserialization vulnerability in Serviceguard Manager Critical Unreviewed
CVE-2022-37936 was published Mar 1, 2023
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated... Critical Unreviewed
CVE-2023-26326 was published Feb 23, 2023
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to... Critical Unreviewed
CVE-2023-0232 was published Feb 21, 2023
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. Critical Unreviewed
CVE-2023-26234 was published Feb 21, 2023
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system,... Critical Unreviewed
CVE-2022-47986 was published Feb 17, 2023
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-25135 was published Feb 3, 2023
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be... Critical Unreviewed
CVE-2022-32521 was published Jan 31, 2023
ProTip! Advisories are also available from the GraphQL API