Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,339 advisories

Loading
A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected... Moderate Unreviewed
CVE-2024-6944 was published Jul 21, 2024
A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical.... Moderate Unreviewed
CVE-2024-6943 was published Jul 21, 2024
.NET Denial of Service Vulnerability High
CVE-2023-21538 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 10, 2023
The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-6152 was published Jul 27, 2024
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization... High Unreviewed
CVE-2019-18935 was published May 24, 2022
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder Moderate
CVE-2024-28861 was published for friendsofsymfony1/symfony1 (Composer) Mar 22, 2024
darkpills
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code... Critical Unreviewed
CVE-2024-6327 was published Jul 24, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ... Critical Unreviewed
CVE-2024-6794 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that... Critical Unreviewed
CVE-2024-6793 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in... High Unreviewed
CVE-2024-6675 was published Jul 22, 2024
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace.This issue... Moderate Unreviewed
CVE-2024-38759 was published Jul 22, 2024
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access... Critical Unreviewed
CVE-2024-28074 was published Jul 17, 2024
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products &... Critical Unreviewed
CVE-2024-4371 was published Jun 13, 2024
Microsoft SharePoint Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38094 was published Jul 9, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38024 was published Jul 9, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38023 was published Jul 9, 2024
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue... Moderate Unreviewed
CVE-2024-37502 was published Jul 9, 2024
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10673 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies... Low Unreviewed
CVE-2024-34274 was published May 21, 2024
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server... Critical Unreviewed
CVE-2024-29212 was published May 14, 2024
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop... Critical Unreviewed
CVE-2024-24302 was published Mar 3, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user... High Unreviewed
CVE-2024-36984 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database