Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute... Critical Unreviewed
CVE-2025-20124 was published Feb 5, 2025
Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for... Critical Unreviewed
CVE-2025-24661 was published Feb 3, 2025
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-13742 was published Jan 30, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache Moderate
CVE-2025-24794 was published for snowflake-connector-python (pip) Jan 29, 2025
NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a... Moderate Unreviewed
CVE-2024-0140 was published Jan 28, 2025
A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This... Moderate Unreviewed
CVE-2025-0734 was published Jan 27, 2025
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch russellb
Credited to DogeWatch and russellb
Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows... Critical Unreviewed
CVE-2025-24671 was published Jan 27, 2025
Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection.... Critical Unreviewed
CVE-2025-24601 was published Jan 27, 2025
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-12600 was published Jan 25, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the... Critical Unreviewed
CVE-2025-23006 was published Jan 23, 2025
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2... High Unreviewed
CVE-2024-31903 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows... Critical Unreviewed
CVE-2025-23914 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection.... High Unreviewed
CVE-2025-23944 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection.... Critical Unreviewed
CVE-2025-23932 was published Jan 22, 2025
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-0429 was published Jan 22, 2025
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-0428 was published Jan 22, 2025
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to... High Unreviewed
CVE-2024-49744 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... Critical Unreviewed
CVE-2024-49688 was published Jan 21, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... High Unreviewed
CVE-2024-49699 was published Jan 21, 2025
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-10936 was published Jan 21, 2025
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote... High Unreviewed
CVE-2025-0586 was published Jan 20, 2025
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of... High Unreviewed
CVE-2024-12703 was published Jan 17, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57766 was published Jan 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database