Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

359 advisories

Loading
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object... Critical Unreviewed
CVE-2024-49318 was published Oct 17, 2024
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows... Critical Unreviewed
CVE-2024-48026 was published Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection... Critical Unreviewed
CVE-2024-48028 was published Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows... Critical Unreviewed
CVE-2024-48030 was published Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object... Critical Unreviewed
CVE-2024-49218 was published Oct 16, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-9634 was published Oct 16, 2024
Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback... Critical Unreviewed
CVE-2024-48033 was published Oct 11, 2024
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This... Critical Unreviewed
CVE-2024-47636 was published Oct 10, 2024
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2018-2628 was published May 14, 2022
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-8353 was published Sep 28, 2024
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)... Critical Unreviewed
CVE-2022-21445 was published Apr 20, 2022
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-8514 was published Sep 25, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted... Critical Unreviewed
CVE-2024-41874 was published Sep 13, 2024
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024... Critical Unreviewed
CVE-2024-29847 was published Sep 12, 2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution... Critical Unreviewed
CVE-2024-28991 was published Sep 12, 2024
Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. Critical Unreviewed
CVE-2023-37227 was published Sep 10, 2024
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects... Critical Unreviewed
CVE-2022-34268 was published Dec 25, 2023
A deserialization of untrusted data vulnerability with a malicious payload can allow an... Critical Unreviewed
CVE-2024-40711 was published Sep 7, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to... Critical Unreviewed
CVE-2024-37288 was published Sep 9, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to... Critical Unreviewed
CVE-2024-45758 was published Sep 6, 2024
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core... Critical Unreviewed
CVE-2023-46817 was published Nov 3, 2023
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to... Critical Unreviewed
CVE-2024-29433 was published Apr 1, 2024
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-8016 was published Aug 30, 2024
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This... Critical Unreviewed
CVE-2024-43931 was published Aug 29, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store... Critical Unreviewed
CVE-2024-8030 was published Aug 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database