Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute... Critical Unreviewed
CVE-2023-46990 was published Nov 20, 2023
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an... Critical Unreviewed
CVE-2023-47207 was published Dec 1, 2023
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core... Critical Unreviewed
CVE-2023-46817 was published Nov 3, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an... Critical Unreviewed
CVE-2023-44353 was published Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an... Critical Unreviewed
CVE-2023-44351 was published Nov 17, 2023
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an... Critical Unreviewed
CVE-2023-44350 was published Nov 17, 2023
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8... Critical Unreviewed
CVE-2021-23894 was published May 24, 2022
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead... Critical Unreviewed
CVE-2023-40619 was published Sep 20, 2023
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of... Critical Unreviewed
CVE-2023-47174 was published Oct 31, 2023
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. Critical Unreviewed
CVE-2022-29528 was published Apr 22, 2022
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2022-2437 was published Jul 19, 2022
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an... Critical Unreviewed
CVE-2021-27852 was published May 24, 2022
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An... Critical Unreviewed
CVE-2019-7214 was published May 24, 2022
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in... Critical Unreviewed
CVE-2023-1133 was published Mar 27, 2023
A conference management system of ZTE is impacted by a command execution vulnerability. Since the... Critical Unreviewed
CVE-2021-21741 was published May 24, 2022
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system,... Critical Unreviewed
CVE-2022-47986 was published Feb 17, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36974 was published Mar 29, 2023
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-29312 was published Apr 4, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36978 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36977 was published Mar 29, 2023
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure... Critical Unreviewed
CVE-2023-28667 was published Mar 22, 2023
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are... Critical Unreviewed
CVE-2023-26359 was published Mar 23, 2023
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code... Critical Unreviewed
CVE-2023-26779 was published Mar 4, 2023
Unauthenticated Java deserialization vulnerability in Serviceguard Manager Critical Unreviewed
CVE-2022-37936 was published Mar 1, 2023
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated... Critical Unreviewed
CVE-2023-26326 was published Feb 23, 2023
ProTip! Advisories are also available from the GraphQL API