Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,006 advisories

Loading
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability. High Unreviewed
CVE-2025-52287 was published Aug 22, 2025
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to... High Unreviewed
CVE-2022-2433 was published Sep 7, 2022
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder High
CVE-2025-9141 was published for vllm (pip) Aug 21, 2025
levigross russellb
Credited to levigross and russellb
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code... High Unreviewed
CVE-2025-54923 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical... Critical Unreviewed
CVE-2025-54014 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks... High Unreviewed
CVE-2025-54007 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content... Critical Unreviewed
CVE-2025-53299 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection. This... High Unreviewed
CVE-2025-53560 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object... High Unreviewed
CVE-2025-49438 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object... Moderate Unreviewed
CVE-2025-54053 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object... High Unreviewed
CVE-2025-54012 was published Aug 20, 2025
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as... Moderate Unreviewed
CVE-2025-5497 was published Jun 3, 2025
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-8289 was published Aug 20, 2025
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-8145 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection.... Critical Unreviewed
CVE-2025-54686 was published Aug 14, 2025
Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection.... High Unreviewed
CVE-2025-49869 was published Aug 14, 2025
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object... High Unreviewed
CVE-2025-47536 was published Aug 14, 2025
An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an... Moderate Unreviewed
CVE-2025-2180 was published Aug 13, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a... High Unreviewed
CVE-2025-23303 was published Aug 13, 2025
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-7384 was published Aug 13, 2025
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality High
CVE-2025-8747 was published for keras (pip) Aug 12, 2025
io-no
Credited to io-no
Duplicate Advisory: Keras safe mode bypass vulnerability High
GHSA-pwq7-2gvj-vg9v was published for keras (pip) Aug 11, 2025 withdrawn
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code... High Unreviewed
CVE-2025-53772 was published Aug 12, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed
CVE-2025-49712 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database