GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
631 advisories

Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code...
High | Unreviewed | CVE-2023-50220 was published May 3, 2024

TYPO3 Insecure Deserialization in Query Generator & Query View
High | CVE-2019-19849 was published for typo3/cms (Composer) May 24, 2022

Froxlor PHP Object Injection vulnerability
High | CVE-2018-1000527 was published for froxlor/froxlor (Composer) May 13, 2022

phpBB Remote Code Execution
High | CVE-2018-19274 was published for phpbb/phpbb (Composer) May 13, 2022

Pimcore Unserialize Remote Code Execution
High | CVE-2019-10867 was published for pimcore/pimcore (Composer) May 13, 2022

Drupal Core Remote Code Execution Vulnerability
High | CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022

Deserialization vulnerability exists in parso
High | CVE-2019-12760 was published for parso (pip) Jun 13, 2019 • withdrawn

timber/timber vulnerable to Deserialization of Untrusted Data
High | CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024

Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master...
High | Unreviewed | CVE-2024-32600 was published Apr 18, 2024

Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy. This issue affects...
High | Unreviewed | CVE-2024-32603 was published Apr 18, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability
High | Unreviewed | CVE-2024-21318 was published Jan 9, 2024

A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could...
High | Unreviewed | CVE-2019-10924 was published May 24, 2022

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via...
High | Unreviewed | CVE-2017-18604 was published May 24, 2022

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue...
High | Unreviewed | CVE-2024-31277 was published Apr 7, 2024

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to...
High | Unreviewed | CVE-2023-4386 was published Oct 20, 2023

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf...
High | Unreviewed | CVE-2022-3342 was published Oct 20, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with...
High | Unreviewed | CVE-2023-34052 was published Oct 20, 2023

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2023-35186 was published Oct 19, 2023

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2023-35180 was published Oct 19, 2023

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an...
High | Unreviewed | CVE-2023-4971 was published Oct 16, 2023

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove...
High | Unreviewed | CVE-2023-4643 was published Oct 16, 2023

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization...
High | Unreviewed | CVE-2023-3154 was published Oct 16, 2023

The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the...
High | Unreviewed | CVE-2023-3392 was published Oct 16, 2023

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute...
High | Unreviewed | CVE-2023-43176 was published Oct 3, 2023

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization...
High | Unreviewed | CVE-2023-43268 was published Oct 2, 2023

ProTip! Advisories are also available from the GraphQL API.