Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object... Critical Unreviewed
CVE-2025-52709 was published Jun 27, 2025
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-36038 was published Jun 26, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability.... Critical Unreviewed
CVE-2025-2566 was published Jun 24, 2025
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only... High Unreviewed
CVE-2024-41151 was published Nov 18, 2024
PowSyBl Core allows deserialization of untrusted SparseMatrix data High
CVE-2025-47771 was published for com.powsybl:powsybl-math (Maven) Jun 19, 2025
arthurscchan AdamKorcz
olperr1 rolnico
Credited to arthurscchan, AdamKorcz, olperr1, and rolnico
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Credited to justintaft, securisec, JLLeitschuh, DmitriyLewen, yairmzr, and pjfanning
Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and... Critical Unreviewed
CVE-2025-49330 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows... High Unreviewed
CVE-2025-49331 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce... Critical Unreviewed
CVE-2025-30618 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This... Critical Unreviewed
CVE-2025-31919 was published Jun 17, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
Credited to Malayke
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic.... Moderate Unreviewed
CVE-2025-4905 was published May 19, 2025
The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow... High Unreviewed
CVE-2023-1405 was published Jan 16, 2024
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2025-27531 was published for org.apache.inlong:inlong-manager (Maven) Jun 6, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed
CVE-2025-47166 was published Jun 10, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed
CVE-2025-47163 was published Jun 10, 2025
Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection... Critical Unreviewed
CVE-2025-49455 was published Jun 10, 2025
Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection... Critical Unreviewed
CVE-2025-49507 was published Jun 10, 2025
Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction... Critical Unreviewed
CVE-2025-31429 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page... Critical Unreviewed
CVE-2025-31052 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme... Critical Unreviewed
CVE-2025-31396 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows... Critical Unreviewed
CVE-2025-31398 was published Jun 9, 2025
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state... High Unreviewed
CVE-2018-15686 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database