Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

479 advisories

Loading
Deserialization of Untrusted Data vulnerability in Themefic Tourfic.This issue affects Tourfic:... High Unreviewed
CVE-2024-29136 was published Mar 19, 2024
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series... High Unreviewed
CVE-2019-15271 was published May 24, 2022
Deserialization of Untrusted Data vulnerability in giuliopanda ADFO allows Object Injection. This... High Unreviewed
CVE-2025-27300 was published Feb 24, 2025
Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager... High Unreviewed
CVE-2025-27301 was published Feb 24, 2025
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-13899 was published Feb 22, 2025
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress... High Unreviewed
CVE-2024-13556 was published Feb 18, 2025
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object... High Unreviewed
CVE-2020-28339 was published May 24, 2022
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an... High Unreviewed
CVE-2024-45084 was published Feb 19, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to... High Unreviewed
CVE-2024-28777 was published Feb 19, 2025
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-28685 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-2561 was published Mar 29, 2023
The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and... High Unreviewed
CVE-2024-13636 was published Feb 18, 2025
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The... High Unreviewed
CVE-2024-20953 was published Feb 17, 2024
Deserialization of untrusted data can occur in the R statistical programming language, on any... High Unreviewed
CVE-2024-27322 was published Apr 29, 2024
In WS_FTP Server version 8.7.0 prior to 8.7.4 and version 8.8.0 prior to 8.8.2, a pre... High Unreviewed
CVE-2023-40044 was published Sep 27, 2023
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is... High Unreviewed
CVE-2024-13770 was published Feb 13, 2025
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to... High Unreviewed
CVE-2025-0994 was published Feb 6, 2025
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before... High Unreviewed
CVE-2023-1381 was published Apr 10, 2023
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. High Unreviewed
CVE-2022-33900 was published Aug 23, 2022
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2024-9664 was published Feb 7, 2025
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin... High Unreviewed
CVE-2024-4157 was published May 22, 2024
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of... High Unreviewed
CVE-2020-10189 was published May 24, 2022
Rails is bad High Unreviewed
CVE-2021-26857 was published May 24, 2022
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml... High Unreviewed
CVE-2024-57762 was published Jan 15, 2025
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0... High Unreviewed
CVE-2015-4852 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database