Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,006 advisories

Loading
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables... Critical Unreviewed
CVE-2025-42963 was published Jul 8, 2025
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative... Critical Unreviewed
CVE-2025-42966 was published Jul 8, 2025
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload... Critical Unreviewed
CVE-2025-42964 was published Jul 8, 2025
An unauthenticated remote command execution vulnerability exists in the applyCT component of the... Critical Unreviewed
CVE-2025-34067 was published Jul 2, 2025
Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution... Critical Unreviewed
CVE-2025-6810 was published Jul 7, 2025
Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code... Critical Unreviewed
CVE-2025-6811 was published Jul 7, 2025
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data High
CVE-2023-25194 was published for org.apache.kafka:connect (Maven) Feb 7, 2023
MarkLee131
Credited to MarkLee131
Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection.... High Unreviewed
CVE-2025-52828 was published Jul 4, 2025
Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi... Critical Unreviewed
CVE-2025-49417 was published Jul 4, 2025
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET... Moderate Unreviewed
CVE-2025-43713 was published Jul 3, 2025
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas russellb
kexinoh
Credited to JosephTLucas, russellb, and kexinoh
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2024-13786 was published Jul 2, 2025
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is... High Unreviewed
CVE-2025-6464 was published Jul 2, 2025
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).  This... High Unreviewed
CVE-2024-42323 was published Sep 21, 2024
Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code... High Unreviewed
CVE-2025-53415 was published Jun 30, 2025
akka-cluster-metrics uses Java serialization for cluster metrics Moderate
CVE-2025-53393 was published for com.typesafe.akka:akka-cluster-metrics_2.13 (Maven) Jun 29, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Critical
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd
Credited to oscerd
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch russellb
Credited to DogeWatch and russellb
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py Moderate
CVE-2025-46567 was published for llamafactory (pip) Apr 23, 2025
Anchor0221 xhjy2020
Credited to Anchor0221 and xhjy2020
Deserialization of Untrusted Data vulnerability in uxper Nuss allows Object Injection. This issue... High Unreviewed
CVE-2025-52827 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue... High Unreviewed
CVE-2025-52826 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in pebas CouponXxL allows Object Injection. This... Critical Unreviewed
CVE-2025-52725 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object... Critical Unreviewed
CVE-2025-28970 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection.... Critical Unreviewed
CVE-2025-52724 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object... Critical Unreviewed
CVE-2025-52709 was published Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database