GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,007 advisories
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
High | CVE-2025-30165 was published for vllm (pip) May 6, 2025
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an...
Critical | Unreviewed | CVE-2023-28323 was published Jul 1, 2023
Qiskit allows arbitrary code execution decoding QPY format versions < 13
Critical | CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025
The system framework layer has a vulnerability of serialization/deserialization mismatch....
Critical | Unreviewed | CVE-2022-44562 was published Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical | Unreviewed | CVE-2022-44558 was published Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical | Unreviewed | CVE-2022-44559 was published Nov 10, 2022
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly...
Critical | Unreviewed | CVE-2017-9844 was published May 14, 2022
NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an...
High | Unreviewed | CVE-2025-23254 was published May 1, 2025
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
Critical | CVE-2024-9053 was published for vllm (pip) Mar 20, 2025
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.
Low | Unreviewed | CVE-2023-35814 was published Apr 28, 2025
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on...
Low | Unreviewed | CVE-2023-35815 was published Apr 28, 2025
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up...
High | Unreviewed | CVE-2025-2105 was published Apr 26, 2025
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer...
High | Unreviewed | CVE-2025-46481 was published Apr 24, 2025
Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection....
High | Unreviewed | CVE-2025-46473 was published Apr 24, 2025
LMDeploy Improper Input Validation Vulnerability
Moderate | CVE-2025-3162 was published for lmdeploy (pip) Apr 3, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability
Critical | CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
Critical | CVE-2025-32375 was published for bentoml (pip) Apr 9, 2025
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of...
High | Unreviewed | CVE-2025-23249 was published Apr 22, 2025
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads...
Critical | Unreviewed | CVE-2017-17672 was published May 14, 2022
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com...
Critical | Unreviewed | CVE-2017-14702 was published May 13, 2022
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3...
Critical | Unreviewed | CVE-2017-11153 was published May 13, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization...
Critical | Unreviewed | CVE-2017-4914 was published May 17, 2022
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to...
Critical | Unreviewed | CVE-2017-9363 was published May 17, 2022
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that...
High | Unreviewed | CVE-2017-7293 was published May 13, 2022
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent...
High | Unreviewed | CVE-2016-4483 was published May 13, 2022