Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
Horovod Vulnerable to Command Injection Critical
CVE-2024-10190 was published for horovod (pip) Mar 20, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Low
CVE-2024-47552 was published for org.apache.seata:seata-config-core (Maven) Mar 20, 2025
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas russellb
kexinoh
Credited to JosephTLucas, russellb, and kexinoh
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-13410 was published Mar 19, 2025
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager... High Unreviewed
CVE-2025-26921 was published Mar 16, 2025
Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13 Critical
GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 withdrawn
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-13824 was published Mar 14, 2025
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection... High Unreviewed
CVE-2024-10942 was published Mar 13, 2025
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) Mar 11, 2025
swelf19
Credited to swelf19
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. High Unreviewed
CVE-2025-27925 was published Mar 11, 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Critical
CVE-2025-24813 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 10, 2025
westonsteimel xuanzern
Credited to westonsteimel and xuanzern
VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of... Critical Unreviewed
CVE-2025-25940 was published Mar 10, 2025
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for... High Unreviewed
CVE-2024-13906 was published Mar 7, 2025
A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting... Critical Unreviewed
CVE-2025-27816 was published Mar 7, 2025
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that... High Unreviewed
CVE-2024-12742 was published Mar 6, 2025
dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request() High
GHSA-3x5x-fw77-g54c was published for dgl (pip) Mar 5, 2025
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13777 was published Mar 5, 2025
The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection... Critical Unreviewed
CVE-2024-13787 was published Mar 5, 2025
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions... Critical Unreviewed
CVE-2025-0912 was published Mar 4, 2025
Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection... High Unreviewed
CVE-2025-26999 was published Mar 3, 2025
Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory... High Unreviewed
CVE-2025-26967 was published Mar 3, 2025
Deserialization of Untrusted Data vulnerability in Brent Jett Assistant allows Object Injection.... High Unreviewed
CVE-2025-26885 was published Mar 3, 2025
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk... High Unreviewed
CVE-2024-47092 was published Mar 3, 2025
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection... High Unreviewed
CVE-2024-13833 was published Mar 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database