Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,002 advisories

Loading
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed
CVE-2025-62204 was published Nov 11, 2025
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is... High Unreviewed
CVE-2025-12099 was published Nov 8, 2025
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc High
GHSA-f83h-ghpp-7wcc was published for pdfminer.six (pip) Nov 7, 2025
sumanrox
Credited to sumanrox
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input High
GHSA-wf5f-4jwr-ppcp was published for pdfminer.six (pip) Nov 7, 2025
mtolley
Credited to mtolley
Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from... High Unreviewed
CVE-2025-62035 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user... Unknown Unreviewed
CVE-2025-60245 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress... High Unreviewed
CVE-2025-58592 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows... High Unreviewed
CVE-2025-58619 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi... High Unreviewed
CVE-2025-54719 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft... Unknown Unreviewed
CVE-2025-58636 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows... Unknown Unreviewed
CVE-2025-58998 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object... Critical Unreviewed
CVE-2025-53586 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection... Critical Unreviewed
CVE-2025-53242 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets... Critical Unreviewed
CVE-2025-49393 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve... Critical Unreviewed
CVE-2025-49386 was published Nov 6, 2025
Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite... Critical Unreviewed
CVE-2025-48086 was published Nov 6, 2025
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer High
CVE-2025-64439 was published for langgraph-checkpoint (pip) Nov 5, 2025
joernchen
Credited to joernchen
The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all... Moderate Unreviewed
CVE-2025-8871 was published Nov 5, 2025
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object... High Unreviewed
CVE-2025-64353 was published Oct 31, 2025
cryptidy allows code execution via untrusted data due to pickle.loads Moderate
CVE-2025-63675 was published for cryptidy (pip) Oct 31, 2025
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function... Moderate Unreviewed
CVE-2025-12305 was published Oct 27, 2025
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from... Critical Unreviewed
CVE-2025-34292 was published Oct 27, 2025
The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted... High Unreviewed
CVE-2025-46183 was published Oct 24, 2025
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization Moderate
GHSA-cq46-m9x9-j8w2 was published for scapy (pip) Oct 22, 2025
anotherik
Credited to anotherik
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database