Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

248 advisories

Loading
Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit High
CVE-2025-1403 was published for qiskit (pip) Feb 21, 2025
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11393 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11392 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11394 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Apache Airflow: pickle deserialization vulnerability in XComs High
CVE-2023-50943 was published for apache-airflow (pip) Jan 24, 2024
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability High
CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) Nov 8, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param High
CVE-2023-34434 was published for org.apache.inlong:manager-pojo (Maven) Jul 25, 2023
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability High
CVE-2024-43383 was published for Lucene.Net.Replicator (NuGet) Oct 31, 2024
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering High
CVE-2017-9805 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
sunSUNQ
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
Laravel Framework RCE Vulnerability High
CVE-2018-15133 was published for laravel/framework (Composer) May 14, 2022
mattberry3
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore High
CVE-2022-41137 was published for org.apache.hive:hive-exec (Maven) Dec 5, 2024
Borsh serialization of HashMap is non-canonical High
GHSA-wwq9-3cpr-mm53 was published for hashbrown (Rust) Dec 4, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
logback serialization vulnerability High
CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) Nov 29, 2023
jakehall-gocity bvahdat
mpenttila liaodaniel peppers-joseph
Apache Spark Deserialization of Untrusted Data vulnerability High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
H2O vulnerable to Deserialization of Untrusted Data High
CVE-2024-6960 was published for ai.h2o:h2o-core (Maven) Jul 21, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability High
CVE-2023-6267 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Jan 25, 2024
transformers has a Deserialization of Untrusted Data vulnerability High
CVE-2023-7018 was published for transformers (pip) Dec 20, 2023
Pickle serialization vulnerable to Deserialization of Untrusted Data High
CVE-2023-23930 was published for vantage6 (pip) Oct 13, 2023
FileManager Deserialization of Untrusted Data vulnerability High
CVE-2024-52306 was published for backpack/filemanager (Composer) Nov 13, 2024
catferq
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database