Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization... Critical Unreviewed
CVE-2023-43981 was published Oct 5, 2023
A?CWE-502:?Deserialization of untrusted data?vulnerability exists?that could allow an attacker... Critical Unreviewed
CVE-2023-5391 was published Oct 4, 2023
Consensys gnark-crypto allows Signature Malleability Critical
CVE-2023-44273 was published for github.com/Consensys/gnark-crypto (Go) Sep 28, 2023
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to... Critical Unreviewed
CVE-2023-43291 was published Sep 27, 2023
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead... Critical Unreviewed
CVE-2023-40619 was published Sep 20, 2023
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier)... Critical Unreviewed
CVE-2023-38204 was published Sep 14, 2023
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-19559 was published Sep 11, 2023
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which... Critical Unreviewed
CVE-2023-0925 was published Sep 6, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to... Critical Unreviewed
CVE-2023-3259 was published Aug 14, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses Critical
CVE-2023-36480 was published for com.aerospike:aerospike-client (Maven) Aug 3, 2023
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute... Critical Unreviewed
CVE-2022-40609 was published Aug 2, 2023
Deserialization vulnerability in Helix workflow and REST Critical
CVE-2023-38647 was published for org.apache.helix:helix-core (Maven) Jul 26, 2023
Remote code execution in Apache Jackrabbit Critical
CVE-2023-37895 was published for org.apache.jackrabbit:jackrabbit-standalone (Maven) Jul 25, 2023
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier)... Critical Unreviewed
CVE-2023-38203 was published Jul 20, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message Critical
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven) Jul 17, 2023
raboof
Credited to raboof
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and... Critical Unreviewed
CVE-2023-29300 was published Jul 12, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
catferq
Credited to catferq
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that... Critical Unreviewed
CVE-2023-34347 was published Jul 10, 2023
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which... Critical Unreviewed
CVE-2023-1399 was published Jul 6, 2023
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an... Critical Unreviewed
CVE-2023-28323 was published Jul 1, 2023
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8... Critical Unreviewed
CVE-2023-33299 was published Jun 23, 2023
Solon vulnerable to deserialization of untrusted data Critical
CVE-2023-35839 was published for org.noear:solon (Maven) Jun 19, 2023
xxl-rpc deserialization vulnerability Critical
CVE-2023-33496 was published for com.xuxueli:xxl-rpc-core (Maven) Jun 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database