Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,001 advisories

Loading
Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection.... Critical Unreviewed
CVE-2025-39499 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object... Critical Unreviewed
CVE-2025-31631 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection.... Critical Unreviewed
CVE-2025-31430 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business... Critical Unreviewed
CVE-2025-31069 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection.... Critical Unreviewed
CVE-2025-31423 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This... Critical Unreviewed
CVE-2025-31049 was published May 23, 2025
The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable... High Unreviewed
CVE-2025-4803 was published May 21, 2025
The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution Critical
CVE-2025-48200 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
An authenticated user can modify application state data. High Unreviewed
CVE-2025-48018 was published May 20, 2025
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service Critical
CVE-2025-47277 was published for vllm (pip) May 20, 2025
kikayli russellb
funscoietyxboyz
Credited to kikayli, russellb, and funscoietyxboyz
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows... Critical Unreviewed
CVE-2025-39348 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object... Critical Unreviewed
CVE-2025-39354 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This... Critical Unreviewed
CVE-2025-32928 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows... Critical Unreviewed
CVE-2025-39356 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object... Critical Unreviewed
CVE-2025-39349 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar... Critical Unreviewed
CVE-2025-47581 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection... Critical Unreviewed
CVE-2025-32927 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder -... Critical Unreviewed
CVE-2025-39410 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot... Critical Unreviewed
CVE-2025-47582 was published May 19, 2025
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic.... Moderate Unreviewed
CVE-2025-4905 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object... High Unreviewed
CVE-2025-48134 was published May 16, 2025
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2025-3623 was published May 14, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30378 was published May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30382 was published May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30384 was published May 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database