Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,731
Erlang
35
GitHub Actions
29
Go
2,308
Maven
5,000+
npm
3,949
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,739 advisories

Loading
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability High
CVE-2020-15842 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for pytorch (pip) Apr 18, 2025
azraelxuemo
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Moderate
CVE-2025-27528 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Moderate
CVE-2025-27526 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
Apache InLong: JDBC Vulnerability during verification processing High
CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
FunAudioLLM InspireMusic deserialization vulnerability Moderate
CVE-2025-5148 was published for inspiremusic (pip) May 25, 2025
Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master... High Unreviewed
CVE-2024-32600 was published Apr 18, 2024
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
AnonySE26
Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object... Critical Unreviewed
CVE-2025-48289 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows... Critical Unreviewed
CVE-2025-48287 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object... High Unreviewed
CVE-2025-47660 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway... Critical Unreviewed
CVE-2025-47532 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection.... Critical Unreviewed
CVE-2025-47530 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection.... Critical Unreviewed
CVE-2025-39499 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object... Critical Unreviewed
CVE-2025-39503 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency... Critical Unreviewed
CVE-2025-39485 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection.... Critical Unreviewed
CVE-2025-39495 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object... Critical Unreviewed
CVE-2025-39500 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection... Critical Unreviewed
CVE-2025-39480 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts allows Object... High Unreviewed
CVE-2025-31924 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert,... Critical Unreviewed
CVE-2025-32292 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant allows Object... High Unreviewed
CVE-2025-32293 was published May 23, 2025
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection.... Critical Unreviewed
CVE-2025-47568 was published May 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database