GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,372 advisories
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it...
High | Unreviewed | CVE-2022-4237 was published Jan 3, 2023
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6...
Critical | Unreviewed | CVE-2022-4120 was published Dec 26, 2022
The system tool has inconsistent serialization and deserialization. Successful exploitation of...
High | Unreviewed | CVE-2022-41596 was published Dec 20, 2022
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary...
Critical | Unreviewed | CVE-2021-38241 was published Dec 17, 2022
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the...
Critical | Unreviewed | CVE-2022-3900 was published Dec 12, 2022
The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the...
High | Unreviewed | CVE-2022-3359 was published Dec 12, 2022
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin...
Critical | Unreviewed | CVE-2022-44351 was published Dec 7, 2022
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
Critical | Unreviewed | CVE-2022-44371 was published Dec 7, 2022
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability...
High | Unreviewed | CVE-2022-36964 was published Nov 29, 2022
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0...
High | Unreviewed | CVE-2022-3490 was published Nov 28, 2022
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and...
High | Unreviewed | CVE-2022-3861 was published Nov 21, 2022
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.
High | Unreviewed | CVE-2022-45077 was published Nov 18, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability...
Critical | Unreviewed | CVE-2022-38650 was published Nov 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMWare...
Critical | Unreviewed | CVE-2022-38652 was published Nov 12, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical | Unreviewed | CVE-2022-44558 was published Nov 10, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful...
Critical | Unreviewed | CVE-2022-44559 was published Nov 10, 2022
The system framework layer has a vulnerability of serialization/deserialization mismatch....
Critical | Unreviewed | CVE-2022-44562 was published Nov 10, 2022
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad)...
High | Unreviewed | CVE-2022-41203 was published Nov 9, 2022
In telephony, there is a possible permission bypass due to a parcel format mismatch. This could...
High | Unreviewed | CVE-2022-32601 was published Nov 9, 2022
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording...
Critical | Unreviewed | CVE-2022-31199 was published Nov 8, 2022
Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non...
High | Unreviewed | CVE-2022-42919 was published Nov 7, 2022
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run...
High | Unreviewed | CVE-2022-43567 was published Nov 5, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied...
Critical | Unreviewed | CVE-2022-38142 was published Nov 1, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network...
Critical | Unreviewed | CVE-2022-41779 was published Nov 1, 2022
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of...
Critical | Unreviewed | CVE-2022-44542 was published Nov 1, 2022