GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
319 advisories
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute...
Critical | Unreviewed | CVE-2023-46990 was published Nov 20, 2023

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an...
Critical | Unreviewed | CVE-2023-47207 was published Dec 1, 2023

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core...
Critical | Unreviewed | CVE-2023-46817 was published Nov 3, 2023

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an...
Critical | Unreviewed | CVE-2023-44353 was published Nov 17, 2023

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an...
Critical | Unreviewed | CVE-2023-44351 was published Nov 17, 2023

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an...
Critical | Unreviewed | CVE-2023-44350 was published Nov 17, 2023

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8...
Critical | Unreviewed | CVE-2021-23894 was published May 24, 2022

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead...
Critical | Unreviewed | CVE-2023-40619 was published Sep 20, 2023

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of...
Critical | Unreviewed | CVE-2023-47174 was published Oct 31, 2023

An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
Critical | Unreviewed | CVE-2022-29528 was published Apr 22, 2022

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2022-2437 was published Jul 19, 2022

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an...
Critical | Unreviewed | CVE-2021-27852 was published May 24, 2022

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An...
Critical | Unreviewed | CVE-2019-7214 was published May 24, 2022

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in...
Critical | Unreviewed | CVE-2023-1133 was published Mar 27, 2023

A conference management system of ZTE is impacted by a command execution vulnerability. Since the...
Critical | Unreviewed | CVE-2021-21741 was published May 24, 2022

IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system,...
Critical | Unreviewed | CVE-2022-47986 was published Feb 17, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2022-36974 was published Mar 29, 2023

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2020-29312 was published Apr 4, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2022-36978 was published Mar 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2022-36977 was published Mar 29, 2023

The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure...
Critical | Unreviewed | CVE-2023-28667 was published Mar 22, 2023

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are...
Critical | Unreviewed | CVE-2023-26359 was published Mar 23, 2023

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code...
Critical | Unreviewed | CVE-2023-26779 was published Mar 4, 2023

Unauthenticated Java deserialization vulnerability in Serviceguard Manager
Critical | Unreviewed | CVE-2022-37936 was published Mar 1, 2023

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated...
Critical | Unreviewed | CVE-2023-26326 was published Feb 23, 2023
ProTip! Advisories are also available from the GraphQL API.