Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n
Credited to m3t3kh4n
Remote Command Execution in SOFARPC Critical
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024
yemoli
Credited to yemoli
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization Critical
CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
Credited to r3kumar
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of... Critical Unreviewed
CVE-2023-6049 was published Jan 15, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder... Critical Unreviewed
CVE-2023-52202 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with... Critical Unreviewed
CVE-2023-52205 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with... Critical Unreviewed
CVE-2023-52207 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment... Critical Unreviewed
CVE-2023-52218 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue... Critical Unreviewed
CVE-2023-52219 was published Jan 8, 2024
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media... Critical Unreviewed
CVE-2023-52225 was published Jan 8, 2024
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows... Critical Unreviewed
CVE-2023-49442 was published Jan 3, 2024
Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects... Critical Unreviewed
CVE-2023-52181 was published Dec 31, 2023
Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes... Critical Unreviewed
CVE-2023-52182 was published Dec 31, 2023
Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This... Critical Unreviewed
CVE-2023-49777 was published Dec 31, 2023
Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This... Critical Unreviewed
CVE-2023-51470 was published Dec 29, 2023
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y... Critical Unreviewed
CVE-2023-51414 was published Dec 29, 2023
Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for... Critical Unreviewed
CVE-2023-51505 was published Dec 29, 2023
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live... Critical Unreviewed
CVE-2023-51422 was published Dec 29, 2023
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects... Critical Unreviewed
CVE-2022-34268 was published Dec 25, 2023
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects... Critical Unreviewed
CVE-2023-49778 was published Dec 21, 2023
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce... Critical Unreviewed
CVE-2023-32242 was published Dec 21, 2023
Apache IoTDB: Unsafe deserialize map in Sync Tool Critical
CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) Dec 21, 2023
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue... Critical Unreviewed
CVE-2023-49773 was published Dec 20, 2023
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love... Critical Unreviewed
CVE-2023-49772 was published Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database