Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object... Critical Unreviewed
CVE-2025-39551 was published Apr 17, 2025
Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons... Critical Unreviewed
CVE-2025-39588 was published Apr 17, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for torch (pip) Apr 18, 2025
azraelxuemo hixio-mh
Credited to azraelxuemo and hixio-mh
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
Wazuh server vulnerable to remote code execution Critical
CVE-2025-24016 was published for github.com/wazuh/wazuh (Go) Apr 22, 2025
DanielFi GGP1
Credited to DanielFi and GGP1
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of... High Unreviewed
CVE-2025-23249 was published Apr 22, 2025
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py Moderate
CVE-2025-46567 was published for llamafactory (pip) Apr 23, 2025
Anchor0221 xhjy2020
Credited to Anchor0221 and xhjy2020
Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection.... High Unreviewed
CVE-2025-46473 was published Apr 24, 2025
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer... High Unreviewed
CVE-2025-46481 was published Apr 24, 2025
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code... High Unreviewed
CVE-2025-3935 was published Apr 25, 2025
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2025-2105 was published Apr 26, 2025
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Low Unreviewed
CVE-2023-35814 was published Apr 28, 2025
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on... Low Unreviewed
CVE-2023-35815 was published Apr 28, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A... High Unreviewed
CVE-2025-34489 was published Apr 28, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote... High Unreviewed
CVE-2025-34491 was published Apr 28, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
Credited to kexinoh, ShangmingCai, and russellb
NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an... High Unreviewed
CVE-2025-23254 was published May 1, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration High
CVE-2025-30165 was published for vllm (pip) May 6, 2025
avioligo russellb
Credited to avioligo and russellb
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2025-0855 was published May 7, 2025
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object... High Unreviewed
CVE-2025-47629 was published May 7, 2025
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows... High Unreviewed
CVE-2025-47683 was published May 7, 2025
Microsoft Dataverse Remote Code Execution Vulnerability High Unreviewed
CVE-2025-47732 was published May 9, 2025
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation... Moderate Unreviewed
CVE-2025-46738 was published May 12, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java... Low Unreviewed
CVE-2025-30012 was published May 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database