Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to... Critical Unreviewed
CVE-2020-36726 was published Jun 7, 2023
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions... Critical Unreviewed
CVE-2020-36727 was published Jun 7, 2023
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in... Critical Unreviewed
CVE-2020-36718 was published Jun 7, 2023
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote... Critical Unreviewed
CVE-2023-27068 was published May 23, 2023
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due... Critical Unreviewed
CVE-2023-32336 was published May 22, 2023
glazedlists XML Deserialization vulnerability Critical
CVE-2023-31890 was published for com.glazedlists:glazedlists (Maven) May 16, 2023
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX... Critical Unreviewed
CVE-2023-1650 was published May 8, 2023
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently... Critical Unreviewed
CVE-2023-1967 was published Apr 28, 2023
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ... Critical Unreviewed
CVE-2023-20853 was published Apr 27, 2023
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ... Critical Unreviewed
CVE-2023-20852 was published Apr 27, 2023
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated,... Critical Unreviewed
CVE-2023-20864 was published Apr 20, 2023
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to... Critical Unreviewed
CVE-2021-28254 was published Apr 19, 2023
Apache Linkis DatasourceManager module has deserialization vulnerability Critical
CVE-2023-29216 was published for org.apache.linkis:linkis-datasource (Maven) Apr 10, 2023
Apache Linkis JDBC EngineConn has deserialization vulnerability Critical
CVE-2023-29215 was published for org.apache.linkis:linkis-engineconn (Maven) Apr 10, 2023
** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulnerability in Adobe LiveCycle... Critical Unreviewed
CVE-2023-28500 was published Apr 6, 2023
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-29312 was published Apr 4, 2023
Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed Critical
CVE-2023-28462 was published for fish.payara.server:payara-aggregator (Maven) Mar 30, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36977 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36978 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-36974 was published Mar 29, 2023
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in... Critical Unreviewed
CVE-2023-1133 was published Mar 27, 2023
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are... Critical Unreviewed
CVE-2023-26359 was published Mar 23, 2023
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure... Critical Unreviewed
CVE-2023-28667 was published Mar 22, 2023
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
psmoros nightfury99
Credited to psmoros and nightfury99
Apache Dubbo vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven) Mar 8, 2023
loganaden
Credited to loganaden
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database