GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
319 advisories
Filter by severity
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server...
Critical
Unreviewed
CVE-2024-29212
was published
May 14, 2024
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop...
Critical
Unreviewed
CVE-2024-24302
was published
Mar 3, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote...
Critical
Unreviewed
CVE-2023-43208
was published
Oct 26, 2023
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote...
Critical
Unreviewed
CVE-2024-5671
was published
Jun 14, 2024
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal,...
Critical
Unreviewed
CVE-2024-5675
was published
Jun 6, 2024
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2024-28075
was published
May 14, 2024
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51576
was published
May 3, 2024
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote...
Critical
Unreviewed
CVE-2023-39476
was published
May 3, 2024
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted...
Critical
Unreviewed
CVE-2023-39475
was published
May 3, 2024
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows...
Critical
Unreviewed
CVE-2023-51204
was published
Jan 31, 2024
Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore...
Critical
Unreviewed
CVE-2024-33553
was published
Apr 29, 2024
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote...
Critical
Unreviewed
CVE-2023-27068
was published
May 23, 2023
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to...
Critical
Unreviewed
CVE-2023-4402
was published
Oct 20, 2023
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing...
Critical
Unreviewed
CVE-2023-39680
was published
Oct 20, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2023-35184
was published
Oct 19, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2023-35182
was published
Oct 19, 2023
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti...
Critical
Unreviewed
CVE-2023-35084
was published
Oct 18, 2023
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization...
Critical
Unreviewed
CVE-2023-43981
was published
Oct 5, 2023
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to...
Critical
Unreviewed
CVE-2023-43291
was published
Sep 27, 2023
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier)...
Critical
Unreviewed
CVE-2023-38204
was published
Sep 14, 2023
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary...
Critical
Unreviewed
CVE-2020-19559
was published
Sep 11, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which...
Critical
Unreviewed
CVE-2023-0925
was published
Sep 6, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to...
Critical
Unreviewed
CVE-2023-3259
was published
Aug 14, 2023
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
Critical
Unreviewed
CVE-2022-40609
was published
Aug 2, 2023
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that...
Critical
Unreviewed
CVE-2023-34347
was published
Jul 10, 2023
ProTip!
Advisories are also available from the
GraphQL API