Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server... Critical Unreviewed
CVE-2024-29212 was published May 14, 2024
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop... Critical Unreviewed
CVE-2024-24302 was published Mar 3, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote... Critical Unreviewed
CVE-2023-43208 was published Oct 26, 2023
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote... Critical Unreviewed
CVE-2024-5671 was published Jun 14, 2024
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal,... Critical Unreviewed
CVE-2024-5675 was published Jun 6, 2024
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2024-28075 was published May 14, 2024
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51576 was published May 3, 2024
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote... Critical Unreviewed
CVE-2023-39476 was published May 3, 2024
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted... Critical Unreviewed
CVE-2023-39475 was published May 3, 2024
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows... Critical Unreviewed
CVE-2023-51204 was published Jan 31, 2024
Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore... Critical Unreviewed
CVE-2024-33553 was published Apr 29, 2024
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote... Critical Unreviewed
CVE-2023-27068 was published May 23, 2023
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to... Critical Unreviewed
CVE-2023-4402 was published Oct 20, 2023
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing... Critical Unreviewed
CVE-2023-39680 was published Oct 20, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-35184 was published Oct 19, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-35182 was published Oct 19, 2023
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti... Critical Unreviewed
CVE-2023-35084 was published Oct 18, 2023
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization... Critical Unreviewed
CVE-2023-43981 was published Oct 5, 2023
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to... Critical Unreviewed
CVE-2023-43291 was published Sep 27, 2023
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier)... Critical Unreviewed
CVE-2023-38204 was published Sep 14, 2023
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-19559 was published Sep 11, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which... Critical Unreviewed
CVE-2023-0925 was published Sep 6, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to... Critical Unreviewed
CVE-2023-3259 was published Aug 14, 2023
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute... Critical Unreviewed
CVE-2022-40609 was published Aug 2, 2023
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that... Critical Unreviewed
CVE-2023-34347 was published Jul 10, 2023
ProTip! Advisories are also available from the GraphQL API