Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

522 advisories

Loading
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in... Critical Unreviewed
CVE-2023-1133 was published Mar 27, 2023
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are... Critical Unreviewed
CVE-2023-26359 was published Mar 23, 2023
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure... Critical Unreviewed
CVE-2023-28667 was published Mar 22, 2023
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
psmoros nightfury99
Apache Dubbo vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven) Mar 8, 2023
loganaden
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code... Critical Unreviewed
CVE-2023-26779 was published Mar 4, 2023
Unauthenticated Java deserialization vulnerability in Serviceguard Manager Critical Unreviewed
CVE-2022-37936 was published Mar 1, 2023
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated... Critical Unreviewed
CVE-2023-26326 was published Feb 23, 2023
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to... Critical Unreviewed
CVE-2023-0232 was published Feb 21, 2023
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. Critical Unreviewed
CVE-2023-26234 was published Feb 21, 2023
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system,... Critical Unreviewed
CVE-2022-47986 was published Feb 17, 2023
Deserialization of Untrusted Data in thinkphp Critical
CVE-2022-45982 was published for topthink/think (Composer) Feb 8, 2023
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-25135 was published Feb 3, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be... Critical Unreviewed
CVE-2022-32521 was published Jan 31, 2023
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.... Critical Unreviewed
CVE-2022-4890 was published Jan 16, 2023
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by... Critical Unreviewed
CVE-2022-46478 was published Jan 13, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler Critical
CVE-2021-32824 was published for org.apache.dubbo:dubbo-parent (Maven) Jan 3, 2023
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6... Critical Unreviewed
CVE-2022-4120 was published Dec 26, 2022
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary... Critical Unreviewed
CVE-2021-38241 was published Dec 17, 2022
replicator vulnerable to Deserialization of Untrusted Data Critical
CVE-2021-33420 was published for replicator (npm) Dec 15, 2022
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the... Critical Unreviewed
CVE-2022-3900 was published Dec 12, 2022
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin... Critical Unreviewed
CVE-2022-44351 was published Dec 7, 2022
ProTip! Advisories are also available from the GraphQL API