Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability High
CVE-2023-28754 was published for org.apache.shardingsphere:shardingsphere (Maven) Jul 19, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message Critical
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven) Jul 17, 2023
raboof
Credited to raboof
Controller DoS may occur due to buffer overflow when an error is generated in response to a... High Unreviewed
CVE-2023-25770 was published Jul 13, 2023
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up... High Unreviewed
CVE-2023-3343 was published Jul 13, 2023
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and... Critical Unreviewed
CVE-2023-29300 was published Jul 12, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
catferq
Credited to catferq
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that... Critical Unreviewed
CVE-2023-34347 was published Jul 10, 2023
Apache Johnzon Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-33008 was published for org.apache.johnzon:johnzon-mapper (Maven) Jul 7, 2023
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious... High Unreviewed
CVE-2023-20888 was published Jul 6, 2023
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including... High Unreviewed
CVE-2022-4815 was published Jul 6, 2023
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2023-31058 was published for org.apache.inlong:manager-common (Maven) Jul 6, 2023
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with... High Unreviewed
CVE-2023-1552 was published Jul 6, 2023
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which... Critical Unreviewed
CVE-2023-1399 was published Jul 6, 2023
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an... Critical Unreviewed
CVE-2023-28323 was published Jul 1, 2023
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart... High Unreviewed
CVE-2023-31222 was published Jun 29, 2023
In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to... Moderate Unreviewed
CVE-2023-21205 was published Jun 28, 2023
In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe... Moderate Unreviewed
CVE-2023-21209 was published Jun 28, 2023
In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due... Moderate Unreviewed
CVE-2023-21206 was published Jun 28, 2023
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8... Critical Unreviewed
CVE-2023-33299 was published Jun 23, 2023
Attackers with access to the "documentconverterws" API were able to inject serialized Java... High Unreviewed
CVE-2023-26436 was published Jun 20, 2023
Solon vulnerable to deserialization of untrusted data Critical
CVE-2023-35839 was published for org.noear:solon (Maven) Jun 19, 2023
Whaleal IceFrog is vulnerable to deserialization Moderate
CVE-2023-3308 was published for com.whaleal.icefrog:icefrog-all (Maven) Jun 18, 2023
In run of multiple files, there is a possible escalation of privilege due to unsafe... High Unreviewed
CVE-2023-21124 was published Jun 15, 2023
An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of... Unknown Unreviewed
CVE-2023-35116 was published Jun 14, 2023
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that... High Unreviewed
CVE-2023-3001 was published Jun 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database