Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Deserialization of Untrusted Data in thinkphp Critical
CVE-2022-45982 was published for topthink/think (Composer) Feb 8, 2023
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data High
CVE-2023-25194 was published for org.apache.kafka:connect (Maven) Feb 7, 2023
MarkLee131
Credited to MarkLee131
The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which... High Unreviewed
CVE-2022-4489 was published Feb 6, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework High
CVE-2023-0669 was published for metasploit-framework (RubyGems) Feb 6, 2023 withdrawn
smcintyre-r7
Credited to smcintyre-r7
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2023-25135 was published Feb 3, 2023
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
Dromara Hutool Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
Apache Linkis contains Deserialization of Untrusted Data High
CVE-2022-44645 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be... Critical Unreviewed
CVE-2022-32521 was published Jan 31, 2023
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the... High Unreviewed
CVE-2022-4680 was published Jan 30, 2023
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor... High Unreviewed
CVE-2022-31710 was published Jan 26, 2023
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings,... High Unreviewed
CVE-2022-4323 was published Jan 23, 2023
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings,... High Unreviewed
CVE-2022-3425 was published Jan 23, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common... High Unreviewed
CVE-2022-45923 was published Jan 19, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21839 was published Jan 18, 2023
The Anti-Malware Security and Brute-Force Firewall WordPress plugin through 4.21.85 is prone to a... High Unreviewed
CVE-2022-4327 was published Jan 16, 2023
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.... Critical Unreviewed
CVE-2022-4890 was published Jan 16, 2023
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object... High Unreviewed
CVE-2023-22850 was published Jan 14, 2023
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by... Critical Unreviewed
CVE-2022-46478 was published Jan 13, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied... High Unreviewed
CVE-2022-41778 was published Jan 13, 2023
.NET Denial of Service Vulnerability High
CVE-2023-21538 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 10, 2023
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. High Unreviewed
CVE-2022-47083 was published Jan 10, 2023
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file,... High Unreviewed
CVE-2022-3417 was published Jan 10, 2023
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an... High Unreviewed
CVE-2022-3679 was published Jan 10, 2023
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via... High Unreviewed
CVE-2022-4043 was published Jan 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database