Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects... Critical Unreviewed
CVE-2024-30225 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue... Critical Unreviewed
CVE-2024-30228 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects... Critical Unreviewed
CVE-2024-30226 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue... Critical Unreviewed
CVE-2024-30227 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... Critical Unreviewed
CVE-2024-30223 was published Mar 28, 2024
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied... Critical Unreviewed
CVE-2024-2054 was published Mar 21, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code... Critical Unreviewed
CVE-2024-1800 was published Mar 20, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
Credited to TheZ3ro
nGrinder vulnerable to unsafe Java objects deserialization Critical
CVE-2024-28213 was published for org.ngrinder:ngrinder-core (Maven) Mar 7, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute... Critical Unreviewed
CVE-2024-28212 was published Mar 7, 2024
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be... Critical Unreviewed
CVE-2024-28211 was published Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
Credited to oscerd
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop... Critical Unreviewed
CVE-2024-24302 was published Mar 3, 2024
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-23052 was published Feb 29, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Credited to oscerd
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Credited to Blaklis, ErwanGuillon, and bsweeney
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2023-40057 was published Feb 15, 2024
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary... Critical Unreviewed
CVE-2024-23759 was published Feb 13, 2024
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real... Critical Unreviewed
CVE-2024-24797 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue... Critical Unreviewed
CVE-2024-25100 was published Feb 12, 2024
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2023-6933 was published Feb 6, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... Critical Unreviewed
CVE-2024-22320 was published Feb 2, 2024
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows... Critical Unreviewed
CVE-2023-51204 was published Jan 31, 2024
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products... Critical Unreviewed
CVE-2024-20253 was published Jan 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database