Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

630 advisories

Loading
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality High
CVE-2025-8747 was published for keras (pip) Aug 12, 2025
io-no
Credited to io-no
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass High
GHSA-9gvj-pp9x-gcfr was published for picklescan (pip) Aug 12, 2025
Lyutoon
Credited to Lyutoon
Duplicate Advisory: Keras safe mode bypass vulnerability High
GHSA-pwq7-2gvj-vg9v was published for keras (pip) Aug 11, 2025 withdrawn
Apache Seata: Deserialization of untrusted Data in Apache Seata Server High
CVE-2025-53606 was published for org.apache.seata:seata-serializer-fury (Maven) Aug 8, 2025
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
Credited to io-no
MS SWIFT Deserialization RCE Vulnerability Moderate
GHSA-r54c-2xmf-2cf3 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization Low
CVE-2025-50460 was published for ms-swift (pip) Jul 31, 2025
Anchor0221
Credited to Anchor0221
akka-cluster-metrics uses Java serialization for cluster metrics Moderate
CVE-2025-53393 was published for com.typesafe.akka:akka-cluster-metrics_2.13 (Maven) Jun 29, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Critical
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd
Credited to oscerd
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
PowSyBl Core allows deserialization of untrusted SparseMatrix data High
CVE-2025-47771 was published for com.powsybl:powsybl-math (Maven) Jun 19, 2025
arthurscchan AdamKorcz
olperr1 rolnico
Credited to arthurscchan, AdamKorcz, olperr1, and rolnico
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27818 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache Kafka Deserialization of Untrusted Data vulnerability High
CVE-2025-27819 was published for org.apache.kafka:kafka (Maven) Jun 10, 2025
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2025-27531 was published for org.apache.inlong:inlong-manager (Maven) Jun 6, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-c42h-56wx-h85q was published for auth0/login (Composer) Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-98j6-67v3-mw34 was published for auth0/symfony (Composer) Jun 6, 2025
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
Credited to Malayke
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability during verification processing High
CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-5173 was published for label-studio-ml (pip) May 26, 2025
FunAudioLLM InspireMusic deserialization vulnerability Moderate
CVE-2025-5148 was published for inspiremusic (pip) May 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database