GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
830 advisories
Filter by severity
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).
This...
Unknown
Unreviewed
CVE-2024-42323
was published
Sep 21, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2023-21839
was published
Jan 18, 2023
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it...
Moderate
Unreviewed
CVE-2020-0618
was published
May 24, 2022
A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1....
Moderate
Unreviewed
CVE-2023-2042
was published
Apr 14, 2023
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the ...
High
Unreviewed
CVE-2022-2446
was published
Sep 13, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted...
Critical
Unreviewed
CVE-2024-41874
was published
Sep 13, 2024
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024...
Critical
Unreviewed
CVE-2024-29847
was published
Sep 12, 2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution...
Critical
Unreviewed
CVE-2024-28991
was published
Sep 12, 2024
Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.
Critical
Unreviewed
CVE-2023-37227
was published
Sep 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-38018
was published
Sep 10, 2024
Microsoft SharePoint Server Denial of Service Vulnerability
Moderate
Unreviewed
CVE-2024-43466
was published
Sep 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-43464
was published
Sep 10, 2024
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects...
Critical
Unreviewed
CVE-2022-34268
was published
Dec 25, 2023
A deserialization of untrusted data vulnerability with a malicious payload can allow an...
Critical
Unreviewed
CVE-2024-40711
was published
Sep 7, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to...
Critical
Unreviewed
CVE-2024-37288
was published
Sep 9, 2024
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote...
High
Unreviewed
CVE-2024-8255
was published
Aug 29, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to...
Critical
Unreviewed
CVE-2024-45758
was published
Sep 6, 2024
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core...
Critical
Unreviewed
CVE-2023-46817
was published
Nov 3, 2023
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to...
Critical
Unreviewed
CVE-2024-29433
was published
Apr 1, 2024
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
High
Unreviewed
CVE-2024-7435
was published
Aug 31, 2024
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all...
Critical
Unreviewed
CVE-2024-8016
was published
Aug 30, 2024
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
High
Unreviewed
CVE-2024-2694
was published
Aug 30, 2024
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This...
Critical
Unreviewed
CVE-2024-43931
was published
Aug 29, 2024
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the...
High
Unreviewed
CVE-2022-2440
was published
Aug 29, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store...
Critical
Unreviewed
CVE-2024-8030
was published
Aug 28, 2024
ProTip!
Advisories are also available from the
GraphQL API