Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes –... High Unreviewed
CVE-2025-58643 was published Sep 3, 2025
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore... High Unreviewed
CVE-2025-53691 was published Sep 3, 2025
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin... Moderate Unreviewed
CVE-2025-9260 was published Sep 3, 2025
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
jw123023 AndrzejBiernacki2010
Credited to jw123023 and AndrzejBiernacki2010
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk... High Unreviewed
CVE-2024-47092 was published Mar 3, 2025
Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution... High Unreviewed
CVE-2025-7976 was published Sep 2, 2025
There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This... High Unreviewed
CVE-2025-9188 was published Sep 2, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for torch (pip) Apr 18, 2025
azraelxuemo hixio-mh
Credited to azraelxuemo and hixio-mh
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object... High Unreviewed
CVE-2025-54742 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows... High Unreviewed
CVE-2025-53583 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object... Critical Unreviewed
CVE-2025-52761 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact allows Object... High Unreviewed
CVE-2025-53572 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service... High Unreviewed
CVE-2025-53584 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff... High Unreviewed
CVE-2025-53243 was published Aug 28, 2025
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote... Critical Unreviewed
CVE-2024-13980 was published Aug 28, 2025
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
n-bes
Credited to fourdim, thediveo, and n-bes
A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This... Moderate Unreviewed
CVE-2025-7876 was published Jul 20, 2025
Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS... High Unreviewed
CVE-2025-58218 was published Aug 27, 2025
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce... Critical Unreviewed
CVE-2023-32242 was published Dec 21, 2023
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user... Critical Unreviewed
CVE-2022-45134 was published Aug 22, 2025
Adminer PHP Object Injection issue leads to Denial of Service High
CVE-2025-43960 was published for vrana/adminer (Composer) Aug 25, 2025
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability. High Unreviewed
CVE-2025-52287 was published Aug 22, 2025
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to... High Unreviewed
CVE-2022-2433 was published Sep 7, 2022
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
levigross russellb
Credited to levigross and russellb
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database