Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,767
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,770 advisories

Loading
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2025-3623 was published May 14, 2025
ThinkAdmin insecure unserialize vulnerability Critical
CVE-2020-23653 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AnonySE26
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency Moderate
CVE-2024-28859 was published for friendsofsymfony1/swiftmailer (Composer) Mar 18, 2024
darkpills
A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7.... Moderate Unreviewed
CVE-2025-3250 was published Apr 4, 2025
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). Critical Unreviewed
CVE-2018-18446 was published Oct 13, 2022
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). Critical Unreviewed
CVE-2018-18447 was published Oct 13, 2022
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object... High Unreviewed
CVE-2025-48134 was published May 16, 2025
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot... Critical Unreviewed
CVE-2025-47582 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder -... Critical Unreviewed
CVE-2025-39410 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object... Critical Unreviewed
CVE-2025-39354 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object... Critical Unreviewed
CVE-2025-39349 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows... Critical Unreviewed
CVE-2025-39348 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar... Critical Unreviewed
CVE-2025-47581 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This... Critical Unreviewed
CVE-2025-32928 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows... Critical Unreviewed
CVE-2025-39356 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection... Critical Unreviewed
CVE-2025-32927 was published May 19, 2025
InvokeAI Deserialization of Untrusted Data vulnerability Critical
CVE-2024-12029 was published for InvokeAI (pip) Mar 21, 2025
zly123987
An authenticated user can modify application state data. High Unreviewed
CVE-2025-48018 was published May 20, 2025
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service Critical
CVE-2025-47277 was published for vllm (pip) May 20, 2025
kikayli russellb
omjeki
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an... Moderate Unreviewed
CVE-2025-0767 was published Feb 27, 2025
The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution Critical
CVE-2025-48200 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,... Critical Unreviewed
CVE-2024-5488 was published Jul 9, 2024
The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable... High Unreviewed
CVE-2025-4803 was published May 21, 2025
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2023-7064 was published May 2, 2024
Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business... Critical Unreviewed
CVE-2025-31069 was published May 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database