Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a... High Unreviewed
CVE-2023-1145 was published Mar 27, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data High
CVE-2023-27296 was published for org.apache.inlong:inlong-manager (Maven) Mar 27, 2023
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are... Critical Unreviewed
CVE-2023-26359 was published Mar 23, 2023
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure... Critical Unreviewed
CVE-2023-28667 was published Mar 22, 2023
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that... High Unreviewed
CVE-2023-27978 was published Mar 21, 2023
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
psmoros nightfury99
Credited to psmoros and nightfury99
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
jw123023 AndrzejBiernacki2010
Credited to jw123023 and AndrzejBiernacki2010
Apache Dubbo vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven) Mar 8, 2023
loganaden
Credited to loganaden
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code... Critical Unreviewed
CVE-2023-26779 was published Mar 4, 2023
Unauthenticated Java deserialization vulnerability in Serviceguard Manager Critical Unreviewed
CVE-2022-37936 was published Mar 1, 2023
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because... Critical Unreviewed
CVE-2023-27372 was published Feb 28, 2023
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to... High Unreviewed
CVE-2023-20944 was published Feb 28, 2023
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated... Critical Unreviewed
CVE-2023-26326 was published Feb 23, 2023
A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is... Unknown Unreviewed
CVE-2023-0960 was published Feb 22, 2023
MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data High
CVE-2022-48282 was published for MongoDB.Driver (NuGet) Feb 21, 2023
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to... Critical Unreviewed
CVE-2023-0232 was published Feb 21, 2023
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. Critical Unreviewed
CVE-2023-26234 was published Feb 21, 2023
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system,... Critical Unreviewed
CVE-2022-47986 was published Feb 17, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-47503 was published Feb 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-47504 was published Feb 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-47507 was published Feb 15, 2023
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-38111 was published Feb 15, 2023
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of... High Unreviewed
CVE-2023-23836 was published Feb 15, 2023
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input... High Unreviewed
CVE-2022-3568 was published Feb 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database