Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,770 advisories

Loading
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for pytorch (pip) Apr 18, 2025
azraelxuemo
Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability High
CVE-2020-15842 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object... Critical Unreviewed
CVE-2025-48336 was published May 29, 2025
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... High Unreviewed
CVE-2024-30222 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... Critical Unreviewed
CVE-2024-30223 was published Mar 28, 2024
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
ravage84 decsecre583
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
decsecre583
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020... Critical Unreviewed
CVE-2025-5086 was published Jun 2, 2025
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object... Moderate Unreviewed
CVE-2025-2939 was published Jun 3, 2025
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation... Critical Unreviewed
CVE-2022-39008 was published Sep 17, 2022
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an... Low Unreviewed
CVE-2025-20276 was published Jun 4, 2025
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX)... Moderate Unreviewed
CVE-2025-20275 was published Jun 4, 2025
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is... High Unreviewed
CVE-2024-1895 was published Apr 30, 2024
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-98j6-67v3-mw34 was published for auth0/symfony (Composer) Jun 6, 2025
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD... Critical Unreviewed
CVE-2025-48780 was published Jun 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database