GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
348 advisories
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti...
Critical
Unreviewed
CVE-2023-35084 was published Oct 18, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2023-35182 was published Oct 19, 2023
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2023-35184 was published Oct 19, 2023
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing...
Critical
Unreviewed
CVE-2023-39680 was published Oct 20, 2023
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to...
Critical
Unreviewed
CVE-2023-4402 was published Oct 20, 2023
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote...
Critical
Unreviewed
CVE-2023-27068 was published May 23, 2023
Deserialization of Untrusted Data vulnerability in 8theme XStore Core. This issue affects XStore...
Critical
Unreviewed
CVE-2024-33553 was published Apr 29, 2024
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows...
Critical
Unreviewed
CVE-2023-51204 was published Jan 31, 2024
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted...
Critical
Unreviewed
CVE-2023-39475 was published May 3, 2024
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote...
Critical
Unreviewed
CVE-2023-39476 was published May 3, 2024
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51576 was published May 3, 2024
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2024-28075 was published May 14, 2024
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal,...
Critical
Unreviewed
CVE-2024-5675 was published Jun 6, 2024
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote...
Critical
Unreviewed
CVE-2024-5671 was published Jun 14, 2024
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop...
Critical
Unreviewed
CVE-2024-24302 was published Mar 3, 2024
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server...
Critical
Unreviewed
CVE-2024-29212 was published May 14, 2024
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products &...
Critical
Unreviewed
CVE-2024-4371 was published Jun 13, 2024
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access...
Critical
Unreviewed
CVE-2024-28074 was published Jul 17, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ...
Critical
Unreviewed
CVE-2024-6794 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that...
Critical
Unreviewed
CVE-2024-6793 was published Jul 22, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code...
Critical
Unreviewed
CVE-2024-6327 was published Jul 24, 2024
Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light. This...
Critical
Unreviewed
CVE-2024-31094 was published Mar 31, 2024
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be...
Critical
Unreviewed
CVE-2024-28211 was published Mar 7, 2024
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied...
Critical
Unreviewed
CVE-2024-2054 was published Mar 21, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute...
Critical
Unreviewed
CVE-2024-28212 was published Mar 7, 2024