Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. Critical
CVE-2022-39256 was published for CompositeC1.Core (NuGet) Sep 30, 2022
tdunlap607
QuantConnect Lean vulnerable to insecure deserialization Critical
CVE-2020-20136 was published for QuantConnect.Common (NuGet) May 24, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
Deserialization of Untrusted Data in SinGooCMS.Utility Critical
CVE-2022-0749 was published for SinGooCMS.Utility (NuGet) Mar 18, 2022
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 16, 2021
Remote Code Execution in AjaxNetProfessional Critical
GHSA-6r7c-6w96-8pvw was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 mwulftange
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Insecure deserialization in Wire Critical
CVE-2021-29508 was published for Wire (NuGet) May 19, 2021
ProTip! Advisories are also available from the GraphQL API