GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,614
Composer 5,007
Erlang 39
GitHub Actions 38
Go 2,638
Maven 6,105
npm 4,264
NuGet 760
pip 4,060
Pub 12
RubyGems 956
Rust 1,056
Swift 45

Unreviewed advisories

All unreviewed 277,015

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,006 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization Critical Unreviewed

CVE-2025-11367 was published Nov 12, 2025

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed

CVE-2025-62204 was published Nov 11, 2025

ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is... Moderate Unreviewed

CVE-2025-63617 was published Nov 10, 2025

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is... High Unreviewed

CVE-2025-12099 was published Nov 8, 2025

Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc High

GHSA-f83h-ghpp-7wcc was published for pdfminer.six (pip) Nov 7, 2025

Credited to sumanrox

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input High

GHSA-wf5f-4jwr-ppcp was published for pdfminer.six (pip) Nov 7, 2025

Credited to mtolley

Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from... High Unreviewed

CVE-2025-62035 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user... Unknown Unreviewed

CVE-2025-60245 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi... High Unreviewed

CVE-2025-54719 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object... Critical Unreviewed

CVE-2025-53586 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress... High Unreviewed

CVE-2025-58592 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows... High Unreviewed

CVE-2025-58619 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft... Unknown Unreviewed

CVE-2025-58636 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows... Unknown Unreviewed

CVE-2025-58998 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection... Critical Unreviewed

CVE-2025-53242 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve... Critical Unreviewed

CVE-2025-49386 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets... Critical Unreviewed

CVE-2025-49393 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite... Critical Unreviewed

CVE-2025-48086 was published Nov 6, 2025

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer High

CVE-2025-64439 was published for langgraph-checkpoint (pip) Nov 5, 2025

Credited to joernchen

The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all... Moderate Unreviewed

CVE-2025-8871 was published Nov 5, 2025

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object... High Unreviewed

CVE-2025-64353 was published Oct 31, 2025

cryptidy allows code execution via untrusted data due to pickle.loads Moderate

CVE-2025-63675 was published for cryptidy (pip) Oct 31, 2025

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate

CVE-2025-12058 was published for keras (pip) Oct 29, 2025

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function... Moderate Unreviewed

CVE-2025-12305 was published Oct 27, 2025

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from... Critical Unreviewed

CVE-2025-34292 was published Oct 27, 2025

Previous1…81 Next

Previous 1 2 3 4 5 … 80 81 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,006 advisories