Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

745 advisories

Loading
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object... Critical Unreviewed
CVE-2025-49073 was published Jun 6, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object... Critical Unreviewed
CVE-2025-49072 was published Jun 6, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-c42h-56wx-h85q was published for auth0/login (Composer) Jun 6, 2025
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD... Critical Unreviewed
CVE-2025-48780 was published Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-98j6-67v3-mw34 was published for auth0/symfony (Composer) Jun 6, 2025
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation... Critical Unreviewed
CVE-2022-39008 was published Sep 17, 2022
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020... Critical Unreviewed
CVE-2025-5086 was published Jun 2, 2025
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... Critical Unreviewed
CVE-2024-30223 was published Mar 28, 2024
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object... Critical Unreviewed
CVE-2025-48336 was published May 29, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for pytorch (pip) Apr 18, 2025
azraelxuemo
Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object... Critical Unreviewed
CVE-2025-48289 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows... Critical Unreviewed
CVE-2025-48287 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection.... Critical Unreviewed
CVE-2025-47530 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway... Critical Unreviewed
CVE-2025-47532 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection.... Critical Unreviewed
CVE-2025-39499 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object... Critical Unreviewed
CVE-2025-39503 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object... Critical Unreviewed
CVE-2025-39500 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection.... Critical Unreviewed
CVE-2025-47568 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection... Critical Unreviewed
CVE-2025-39480 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection.... Critical Unreviewed
CVE-2025-39495 was published May 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database