Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted... Critical Unreviewed
CVE-2023-39475 was published May 3, 2024
Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore... Critical Unreviewed
CVE-2024-33553 was published Apr 29, 2024
Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution... Critical Unreviewed
CVE-2023-51570 was published Apr 2, 2024
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to... Critical Unreviewed
CVE-2024-29433 was published Apr 1, 2024
Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This... Critical Unreviewed
CVE-2024-31094 was published Mar 31, 2024
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue... Critical Unreviewed
CVE-2024-30227 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects... Critical Unreviewed
CVE-2024-30224 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects... Critical Unreviewed
CVE-2024-30225 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue... Critical Unreviewed
CVE-2024-30228 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects... Critical Unreviewed
CVE-2024-30226 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... Critical Unreviewed
CVE-2024-30223 was published Mar 28, 2024
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied... Critical Unreviewed
CVE-2024-2054 was published Mar 21, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code... Critical Unreviewed
CVE-2024-1800 was published Mar 20, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
nGrinder vulnerable to unsafe Java objects deserialization Critical
CVE-2024-28213 was published for org.ngrinder:ngrinder-core (Maven) Mar 7, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute... Critical Unreviewed
CVE-2024-28212 was published Mar 7, 2024
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be... Critical Unreviewed
CVE-2024-28211 was published Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop... Critical Unreviewed
CVE-2024-24302 was published Mar 3, 2024
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-23052 was published Feb 29, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2023-40057 was published Feb 15, 2024
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue... Critical Unreviewed
CVE-2024-25100 was published Feb 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database