Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
XXL-RPC Deserialization of Untrusted Data vulnerability Critical
CVE-2023-45146 was published for com.xuxueli:xxl-rpc-core (Maven) Aug 5, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code... Critical Unreviewed
CVE-2024-6327 was published Jul 24, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that... Critical Unreviewed
CVE-2024-6793 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ... Critical Unreviewed
CVE-2024-6794 was published Jul 22, 2024
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access... Critical Unreviewed
CVE-2024-28074 was published Jul 17, 2024
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
Credited to swapgs
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,... Critical Unreviewed
CVE-2024-5488 was published Jul 9, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-5871 was published Jun 15, 2024
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote... Critical Unreviewed
CVE-2024-5671 was published Jun 14, 2024
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products &... Critical Unreviewed
CVE-2024-4371 was published Jun 13, 2024
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal,... Critical Unreviewed
CVE-2024-5675 was published Jun 6, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer) May 30, 2024
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server... Critical Unreviewed
CVE-2024-29212 was published May 14, 2024
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2024-28075 was published May 14, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability Critical
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51576 was published May 3, 2024
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote... Critical Unreviewed
CVE-2023-39476 was published May 3, 2024
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted... Critical Unreviewed
CVE-2023-39475 was published May 3, 2024
Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore... Critical Unreviewed
CVE-2024-33553 was published Apr 29, 2024
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions... Critical Unreviewed
CVE-2024-1813 was published Apr 9, 2024
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be... Critical Unreviewed
CVE-2024-27604 was published Apr 2, 2024
Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution... Critical Unreviewed
CVE-2023-51570 was published Apr 2, 2024
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to... Critical Unreviewed
CVE-2024-29433 was published Apr 1, 2024
Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This... Critical Unreviewed
CVE-2024-31094 was published Mar 31, 2024
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects... Critical Unreviewed
CVE-2024-30224 was published Mar 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database