GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,110
Erlang
29
GitHub Actions
19
Go
1,931
Maven
5,000+
npm
3,666
NuGet
642
pip
3,273
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,353 advisories
Filter by severity
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This...
Critical
Unreviewed
CVE-2024-47636
was published
Oct 10, 2024
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be...
High
Unreviewed
CVE-2024-9005
was published
Oct 8, 2024
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-9314
was published
Oct 5, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro
(Maven)
Oct 3, 2024
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7432
was published
Oct 1, 2024
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7433
was published
Oct 1, 2024
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7434
was published
Oct 1, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-8353
was published
Sep 28, 2024
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is...
High
Unreviewed
CVE-2024-8922
was published
Sep 27, 2024
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the...
High
Unreviewed
CVE-2024-43191
was published
Sep 26, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is...
High
Unreviewed
CVE-2024-7576
was published
Sep 25, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is...
High
Unreviewed
CVE-2024-8316
was published
Sep 25, 2024
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object...
Critical
Unreviewed
CVE-2024-8514
was published
Sep 25, 2024
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is...
High
Unreviewed
CVE-2022-2439
was published
Sep 24, 2024
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).
This...
High
Unreviewed
CVE-2024-42323
was published
Sep 21, 2024
Reverb use after free vulnerability
Moderate
CVE-2024-8375
was published
for
dm-reverb
(pip)
Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
sqlitedict insecure deserialization vulnerability
High
CVE-2024-35515
was published
for
sqlitedict
(pip)
Sep 18, 2024
LangChain pickle deserialization of untrusted data
Moderate
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Apache Seata Deserialization of Untrusted Data vulnerability
High
CVE-2024-22399
was published
for
org.apache.seata:seata-core
(Maven)
Sep 16, 2024
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the ...
High
Unreviewed
CVE-2022-2446
was published
Sep 13, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted...
Critical
Unreviewed
CVE-2024-41874
was published
Sep 13, 2024
Cleanlab Deserialization of Untrusted Data vulnerability
High
CVE-2024-45857
was published
for
cleanlab
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45852
was published
for
mindsdb
(pip)
Sep 12, 2024
ProTip!
Advisories are also available from the
GraphQL API