Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
Rails is bad High Unreviewed
CVE-2021-26857 was published May 24, 2022
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series... High Unreviewed
CVE-2019-15271 was published May 24, 2022
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in... Critical Unreviewed
CVE-2019-9874 was published May 24, 2022
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an... High Unreviewed
CVE-2019-9875 was published May 24, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2018-2628 was published May 14, 2022
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10... Critical Unreviewed
CVE-2017-3066 was published May 13, 2022
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0... High Unreviewed
CVE-2015-4852 was published May 14, 2022
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to,... Critical Unreviewed
CVE-2017-20207 was published Oct 18, 2025
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to,... Critical Unreviewed
CVE-2017-20206 was published Oct 18, 2025
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... Critical Unreviewed
CVE-2017-20208 was published Oct 18, 2025
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer Critical
CVE-2025-62515 was published for pyquokka (pip) Oct 17, 2025
Chenpinji
Credited to Chenpinji
Keras framework vulnerable to deserialization of untrusted data Critical
CVE-2025-49655 was published for keras (pip) Oct 17, 2025
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is... Moderate Unreviewed
CVE-2025-8963 was published Aug 14, 2025
Horovod Vulnerable to Command Injection Critical
CVE-2024-10190 was published for horovod (pip) Mar 20, 2025
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function... Moderate Unreviewed
CVE-2025-11345 was published Oct 6, 2025
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate... High Unreviewed
CVE-2025-59285 was published Oct 14, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed
CVE-2025-59237 was published Oct 14, 2025
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling... High Unreviewed
CVE-2025-10492 was published Sep 16, 2025
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could... Critical Unreviewed
CVE-2025-42944 was published Sep 9, 2025
Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to... High Unreviewed
CVE-2025-11622 was published Oct 13, 2025
e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The... Moderate Unreviewed
CVE-2025-61505 was published Oct 10, 2025
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows... High Unreviewed
CVE-2024-12687 was published Dec 16, 2024
scio is vunerable to Remote Command Execution through PyTorch Critical
GHSA-m9mp-6x32-5rhg was published for scio-pypi (pip) Oct 9, 2025
eliegoudout
Credited to eliegoudout
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database