Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7.... Moderate Unreviewed
CVE-2025-3250 was published Apr 4, 2025
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency Moderate
CVE-2024-28859 was published for friendsofsymfony1/swiftmailer (Composer) Mar 18, 2024
darkpills
Credited to darkpills
ThinkAdmin insecure unserialize vulnerability Critical
CVE-2020-23653 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AnonySE26
Credited to AnonySE26
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2025-3623 was published May 14, 2025
A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This... Moderate Unreviewed
CVE-2025-0734 was published Jan 27, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30378 was published May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30382 was published May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30384 was published May 13, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java... Low Unreviewed
CVE-2025-30012 was published May 13, 2025
Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social... High Unreviewed
CVE-2024-2721 was published Mar 20, 2024
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale
Credited to jkmartindale
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation... Moderate Unreviewed
CVE-2025-46738 was published May 12, 2025
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Critical
CVE-2020-8165 was published for activesupport (RubyGems) May 26, 2020
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that... High Unreviewed
CVE-2022-23734 was published Oct 19, 2022
Microsoft Dataverse Remote Code Execution Vulnerability High Unreviewed
CVE-2025-47732 was published May 9, 2025
The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX... Moderate Unreviewed
CVE-2024-3591 was published May 1, 2024
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability... High Unreviewed
CVE-2022-38108 was published Oct 21, 2022
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary... Critical Unreviewed
CVE-2024-23759 was published Feb 13, 2024
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-2485 was published Mar 28, 2025
Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.This issue affects... Moderate Unreviewed
CVE-2024-34433 was published May 14, 2024
Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution Critical
CVE-2025-30065 was published for org.apache.parquet:parquet-avro (Maven) Apr 1, 2025
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows... High Unreviewed
CVE-2025-47683 was published May 7, 2025
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object... High Unreviewed
CVE-2025-47629 was published May 7, 2025
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2025-0855 was published May 7, 2025
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7.... Moderate Unreviewed
CVE-2025-2855 was published Mar 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database