GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
522 advisories
Filter by severity
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in...
Critical
Unreviewed
CVE-2023-1133
was published
Mar 27, 2023
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are...
Critical
Unreviewed
CVE-2023-26359
was published
Mar 23, 2023
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure...
Critical
Unreviewed
CVE-2023-28667
was published
Mar 22, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical
CVE-2023-23638
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 8, 2023
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code...
Critical
Unreviewed
CVE-2023-26779
was published
Mar 4, 2023
Unauthenticated Java deserialization vulnerability in Serviceguard Manager
Critical
Unreviewed
CVE-2022-37936
was published
Mar 1, 2023
LiteDB may deserialize bad JSON on object type using _type
Critical
CVE-2022-23535
was published
for
LiteDB
(NuGet)
Feb 24, 2023
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated...
Critical
Unreviewed
CVE-2023-26326
was published
Feb 23, 2023
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to...
Critical
Unreviewed
CVE-2023-0232
was published
Feb 21, 2023
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.
Critical
Unreviewed
CVE-2023-26234
was published
Feb 21, 2023
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system,...
Critical
Unreviewed
CVE-2022-47986
was published
Feb 17, 2023
Deserialization of Untrusted Data in thinkphp
Critical
CVE-2022-45982
was published
for
topthink/think
(Composer)
Feb 8, 2023
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code...
Critical
Unreviewed
CVE-2023-25135
was published
Feb 3, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24997
was published
for
org.apache.inlong:inlong
(Maven)
Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability
Critical
CVE-2023-24162
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be...
Critical
Unreviewed
CVE-2022-32521
was published
Jan 31, 2023
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp....
Critical
Unreviewed
CVE-2022-4890
was published
Jan 16, 2023
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by...
Critical
Unreviewed
CVE-2022-46478
was published
Jan 13, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6...
Critical
Unreviewed
CVE-2022-4120
was published
Dec 26, 2022
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary...
Critical
Unreviewed
CVE-2021-38241
was published
Dec 17, 2022
replicator vulnerable to Deserialization of Untrusted Data
Critical
CVE-2021-33420
was published
for
replicator
(npm)
Dec 15, 2022
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the...
Critical
Unreviewed
CVE-2022-3900
was published
Dec 12, 2022
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin...
Critical
Unreviewed
CVE-2022-44351
was published
Dec 7, 2022
ProTip!
Advisories are also available from the
GraphQL API