Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,006 advisories

Loading
Apache Seata Vulnerable to Deserialization of Untrusted Data Critical
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd
Credited to oscerd
akka-cluster-metrics uses Java serialization for cluster metrics Moderate
CVE-2025-53393 was published for com.typesafe.akka:akka-cluster-metrics_2.13 (Maven) Jun 29, 2025
Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code... High Unreviewed
CVE-2025-53415 was published Jun 30, 2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. High Unreviewed
CVE-2025-53416 was published Jun 30, 2025
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is... High Unreviewed
CVE-2025-6464 was published Jul 2, 2025
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2024-13786 was published Jul 2, 2025
An unauthenticated remote command execution vulnerability exists in the applyCT component of the... Critical Unreviewed
CVE-2025-34067 was published Jul 2, 2025
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET... Moderate Unreviewed
CVE-2025-43713 was published Jul 3, 2025
Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi... Critical Unreviewed
CVE-2025-49417 was published Jul 4, 2025
Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection.... High Unreviewed
CVE-2025-52828 was published Jul 4, 2025
A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical.... Moderate Unreviewed
CVE-2025-7099 was published Jul 7, 2025
Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code... Critical Unreviewed
CVE-2025-6811 was published Jul 7, 2025
Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution... Critical Unreviewed
CVE-2025-6810 was published Jul 7, 2025
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload... Critical Unreviewed
CVE-2025-42964 was published Jul 8, 2025
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative... Critical Unreviewed
CVE-2025-42966 was published Jul 8, 2025
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables... Critical Unreviewed
CVE-2025-42963 was published Jul 8, 2025
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can... Critical Unreviewed
CVE-2025-42980 was published Jul 8, 2025
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate... High Unreviewed
CVE-2025-47994 was published Jul 8, 2025
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data... Critical Unreviewed
CVE-2025-27203 was published Jul 9, 2025
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of... Critical Unreviewed
CVE-2025-49533 was published Jul 9, 2025
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-6742 was published Jul 9, 2025
The communication protocol used between client and server had a flaw that could lead to an... Critical Unreviewed
CVE-2025-30023 was published Jul 11, 2025
The communication protocol used between the server process and the service control had a flaw... Moderate Unreviewed
CVE-2025-30025 was published Jul 11, 2025
The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via... High Unreviewed
CVE-2025-7504 was published Jul 12, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ... Moderate Unreviewed
CVE-2025-30761 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database