Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all... Moderate Unreviewed
CVE-2025-8871 was published Nov 5, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A... High Unreviewed
CVE-2025-34489 was published Apr 28, 2025
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to... Critical Unreviewed
CVE-2025-34153 was published Aug 13, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ... Moderate Unreviewed
CVE-2025-30761 was published Jul 15, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote... High Unreviewed
CVE-2025-34491 was published Apr 28, 2025
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
Credited to puredanger
RDoc RCE vulnerability with .rdoc_options Low
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
Credited to DarkaMaul
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
Credited to sunSUNQ
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
Credited to r00t4dm
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Low Unreviewed
CVE-2024-21217 was published Oct 15, 2024
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization Critical
CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio sunSUNQ
Credited to nmarcoccio and sunSUNQ
Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non... High Unreviewed
CVE-2022-42919 was published Nov 7, 2022
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality... High Unreviewed
CVE-2025-24919 was published Jun 14, 2025
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object... High Unreviewed
CVE-2025-64353 was published Oct 31, 2025
cryptidy allows code execution via untrusted data due to pickle.loads Moderate
CVE-2025-63675 was published for cryptidy (pip) Oct 31, 2025
Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows... High Unreviewed
CVE-2025-60228 was published Oct 22, 2025
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor Moderate
CVE-2025-10164 was published for sglang (pip) Sep 9, 2025
m1ssya
Credited to m1ssya
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables Low
CVE-2025-61677 was published for datachain (pip) Oct 2, 2025
gothburz
Credited to gothburz
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-11938 was published Oct 19, 2025
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from... Critical Unreviewed
CVE-2025-34292 was published Oct 27, 2025
The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted... High Unreviewed
CVE-2025-46183 was published Oct 24, 2025
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product... High Unreviewed
CVE-2025-62008 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database