GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
359 advisories
Filter by severity
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object...
Critical
Unreviewed
CVE-2024-49318
was published
Oct 17, 2024
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows...
Critical
Unreviewed
CVE-2024-48030
was published
Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object...
Critical
Unreviewed
CVE-2024-49218
was published
Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows...
Critical
Unreviewed
CVE-2024-48026
was published
Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection...
Critical
Unreviewed
CVE-2024-48028
was published
Oct 16, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-9634
was published
Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback...
Critical
Unreviewed
CVE-2024-48033
was published
Oct 11, 2024
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This...
Critical
Unreviewed
CVE-2024-47636
was published
Oct 10, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-8353
was published
Sep 28, 2024
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object...
Critical
Unreviewed
CVE-2024-8514
was published
Sep 25, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted...
Critical
Unreviewed
CVE-2024-41874
was published
Sep 13, 2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution...
Critical
Unreviewed
CVE-2024-28991
was published
Sep 12, 2024
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024...
Critical
Unreviewed
CVE-2024-29847
was published
Sep 12, 2024
Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.
Critical
Unreviewed
CVE-2023-37227
was published
Sep 10, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to...
Critical
Unreviewed
CVE-2024-37288
was published
Sep 9, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an...
Critical
Unreviewed
CVE-2024-40711
was published
Sep 7, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to...
Critical
Unreviewed
CVE-2024-45758
was published
Sep 6, 2024
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all...
Critical
Unreviewed
CVE-2024-8016
was published
Aug 30, 2024
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This...
Critical
Unreviewed
CVE-2024-43931
was published
Aug 29, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store...
Critical
Unreviewed
CVE-2024-8030
was published
Aug 28, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store...
Critical
Unreviewed
CVE-2024-5335
was published
Aug 21, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-5932
was published
Aug 20, 2024
Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue...
Critical
Unreviewed
CVE-2024-43354
was published
Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue...
Critical
Unreviewed
CVE-2024-43252
was published
Aug 19, 2024
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object...
Critical
Unreviewed
CVE-2024-43242
was published
Aug 19, 2024
ProTip!
Advisories are also available from the
GraphQL API