Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

631 advisories

Loading
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code... High Unreviewed
CVE-2023-50220 was published May 3, 2024
TYPO3 Insecure Deserialization in Query Generator & Query View High
CVE-2019-19849 was published for typo3/cms (Composer) May 24, 2022
Froxlor PHP Object Injection vulnerability High
CVE-2018-1000527 was published for froxlor/froxlor (Composer) May 13, 2022
phpBB Remote Code Execution High
CVE-2018-19274 was published for phpbb/phpbb (Composer) May 13, 2022
Pimcore Unserialize Remote Code Execution High
CVE-2019-10867 was published for pimcore/pimcore (Composer) May 13, 2022
Drupal Core Remote Code Execution Vulnerability High
CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022
Deserialization vulnerability exists in parso High
CVE-2019-12760 was published for parso (pip) Jun 13, 2019 withdrawn
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr dennisenderink
Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master... High Unreviewed
CVE-2024-32600 was published Apr 18, 2024
Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects... High Unreviewed
CVE-2024-32603 was published Apr 18, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-21318 was published Jan 9, 2024
A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could... High Unreviewed
CVE-2019-10924 was published May 24, 2022
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via... High Unreviewed
CVE-2017-18604 was published May 24, 2022
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue... High Unreviewed
CVE-2024-31277 was published Apr 7, 2024
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to... High Unreviewed
CVE-2023-4386 was published Oct 20, 2023
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf... High Unreviewed
CVE-2022-3342 was published Oct 20, 2023
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with... High Unreviewed
CVE-2023-34052 was published Oct 20, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-35186 was published Oct 19, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-35180 was published Oct 19, 2023
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an... High Unreviewed
CVE-2023-4971 was published Oct 16, 2023
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove... High Unreviewed
CVE-2023-4643 was published Oct 16, 2023
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization... High Unreviewed
CVE-2023-3154 was published Oct 16, 2023
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the... High Unreviewed
CVE-2023-3392 was published Oct 16, 2023
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute... High Unreviewed
CVE-2023-43176 was published Oct 3, 2023
Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization... High Unreviewed
CVE-2023-43268 was published Oct 2, 2023
ProTip! Advisories are also available from the GraphQL API