Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability,... Critical Unreviewed
CVE-2025-7916 was published Jul 21, 2025
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for... Critical Unreviewed
CVE-2025-7696 was published Jul 19, 2025
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for... Critical Unreviewed
CVE-2025-7697 was published Jul 19, 2025
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device... High Unreviewed
CVE-2025-7433 was published Jul 17, 2025
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5... Critical Unreviewed
CVE-2025-25034 was published Jun 20, 2025
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress... High Unreviewed
CVE-2025-31422 was published Jul 16, 2025
Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object... Critical Unreviewed
CVE-2025-30949 was published Jul 16, 2025
Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This... High Unreviewed
CVE-2025-24779 was published Jul 16, 2025
Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows... Critical Unreviewed
CVE-2025-28961 was published Jul 16, 2025
Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS allows Object... Critical Unreviewed
CVE-2025-30973 was published Jul 16, 2025
Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection.... High Unreviewed
CVE-2025-24777 was published Jul 16, 2025
Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder allows Object... High Unreviewed
CVE-2025-53990 was published Jul 16, 2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. High Unreviewed
CVE-2025-53416 was published Jun 30, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node Critical
CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the... Moderate Unreviewed
CVE-2025-2251 was published Apr 7, 2025
The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via... High Unreviewed
CVE-2025-7504 was published Jul 12, 2025
The communication protocol used between client and server had a flaw that could lead to an... Critical Unreviewed
CVE-2025-30023 was published Jul 11, 2025
The communication protocol used between the server process and the service control had a flaw... Moderate Unreviewed
CVE-2025-30025 was published Jul 11, 2025
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro (Maven) Oct 3, 2024
dbrugman
Credited to dbrugman
Deserialization of Untrusted Data in Log4j 1.x High
CVE-2022-23302 was published for log4j:log4j (Maven) Jan 21, 2022
SebGondron
Credited to SebGondron
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-6742 was published Jul 9, 2025
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of... Critical Unreviewed
CVE-2025-49533 was published Jul 9, 2025
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data... Critical Unreviewed
CVE-2025-27203 was published Jul 9, 2025
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate... High Unreviewed
CVE-2025-47994 was published Jul 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database