Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

827 advisories

Loading
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can... Critical Unreviewed
CVE-2025-42980 was published Jul 8, 2025
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables... Critical Unreviewed
CVE-2025-42963 was published Jul 8, 2025
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload... Critical Unreviewed
CVE-2025-42964 was published Jul 8, 2025
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative... Critical Unreviewed
CVE-2025-42966 was published Jul 8, 2025
Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution... Critical Unreviewed
CVE-2025-6810 was published Jul 7, 2025
Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code... Critical Unreviewed
CVE-2025-6811 was published Jul 7, 2025
Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi... Critical Unreviewed
CVE-2025-49417 was published Jul 4, 2025
An unauthenticated remote command execution vulnerability exists in the applyCT component of the... Critical Unreviewed
CVE-2025-34067 was published Jul 2, 2025
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2024-13786 was published Jul 2, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Critical
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd
Credited to oscerd
Deserialization of Untrusted Data vulnerability in pebas CouponXxL allows Object Injection. This... Critical Unreviewed
CVE-2025-52725 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection.... Critical Unreviewed
CVE-2025-52724 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object... Critical Unreviewed
CVE-2025-52709 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object... Critical Unreviewed
CVE-2025-28970 was published Jun 27, 2025
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-36038 was published Jun 26, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability.... Critical Unreviewed
CVE-2025-2566 was published Jun 24, 2025
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5... Critical Unreviewed
CVE-2025-25034 was published Jun 20, 2025
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could... Critical Unreviewed
CVE-2025-49217 was published Jun 17, 2025
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could... Critical Unreviewed
CVE-2025-49212 was published Jun 17, 2025
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could... Critical Unreviewed
CVE-2025-49213 was published Jun 17, 2025
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could... Critical Unreviewed
CVE-2025-49219 was published Jun 17, 2025
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could... Critical Unreviewed
CVE-2025-49220 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and... Critical Unreviewed
CVE-2025-49330 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce... Critical Unreviewed
CVE-2025-30618 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This... Critical Unreviewed
CVE-2025-31919 was published Jun 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database