Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This... Critical Unreviewed
CVE-2025-31927 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in designthemes Pet World allows Object Injection... High Unreviewed
CVE-2025-32284 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object... Critical Unreviewed
CVE-2025-31631 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection.... Critical Unreviewed
CVE-2025-31430 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This... Critical Unreviewed
CVE-2025-31049 was published May 23, 2025
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2023-7064 was published May 2, 2024
The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable... High Unreviewed
CVE-2025-4803 was published May 21, 2025
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,... Critical Unreviewed
CVE-2024-5488 was published Jul 9, 2024
The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution Critical
CVE-2025-48200 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an... Moderate Unreviewed
CVE-2025-0767 was published Feb 27, 2025
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service Critical
CVE-2025-47277 was published for vllm (pip) May 20, 2025
kikayli russellb
funscoietyxboyz
Credited to kikayli, russellb, and funscoietyxboyz
An authenticated user can modify application state data. High Unreviewed
CVE-2025-48018 was published May 20, 2025
InvokeAI Deserialization of Untrusted Data vulnerability Critical
CVE-2024-12029 was published for InvokeAI (pip) Mar 21, 2025
zly123987
Credited to zly123987
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows... Critical Unreviewed
CVE-2025-39348 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object... Critical Unreviewed
CVE-2025-39354 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This... Critical Unreviewed
CVE-2025-32928 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows... Critical Unreviewed
CVE-2025-39356 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar... Critical Unreviewed
CVE-2025-47581 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection... Critical Unreviewed
CVE-2025-32927 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object... Critical Unreviewed
CVE-2025-39349 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder -... Critical Unreviewed
CVE-2025-39410 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot... Critical Unreviewed
CVE-2025-47582 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object... High Unreviewed
CVE-2025-48134 was published May 16, 2025
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). Critical Unreviewed
CVE-2018-18446 was published Oct 13, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). Critical Unreviewed
CVE-2018-18447 was published Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database