GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Deserialization of Untrusted Data in librenms/librenms
High
CVE-2022-3525
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data
High
CVE-2022-39297
was published
for
melisplatform/melis-cms
(Composer)
Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data
High
CVE-2022-39298
was published
for
melisplatform/melis-front
(Composer)
Oct 11, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical
CVE-2018-17057
was published
for
fooman/tcpdf
(Composer)
Oct 6, 2022
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2022-33107
was published
for
topthink/framework
(Composer)
Jun 30, 2022
Unserialized Pop Chain in Laravel
Critical
CVE-2022-31279
was published
for
laravel/laravel
(Composer)
Jun 8, 2022
•
withdrawn
Typo3 Vulnerable to Insecure Deserialization
High
CVE-2019-12747
was published
for
typo3/cms
(Composer)
May 24, 2022
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Subrion CMS PHP Object Injection
Moderate
CVE-2020-12469
was published
for
intelliants/subrion
(Composer)
May 24, 2022
Magento deserialization vulnerability
Critical
CVE-2020-3716
was published
for
magento/community-edition
(Composer)
May 24, 2022
TYPO3 Insecure Deserialization in Query Generator & Query View
High
CVE-2019-19849
was published
for
typo3/cms
(Composer)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-8141
was published
for
magento/community-edition
(Composer)
May 24, 2022
Pimcore RCE via PHAR upload
High
CVE-2019-16317
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Spoon Library as used in Fork CMS allows PHP object injection
Critical
CVE-2019-15521
was published
for
spoon/library
(Composer)
May 24, 2022
Shopware Insecure Deserialization Vulnerability
High
CVE-2019-12799
was published
for
shopware/shopware
(Composer)
May 24, 2022
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
Critical
CVE-2019-11830
was published
for
typo3/phar-stream-wrapper
(Composer)
May 24, 2022
Typo3 Extbase Framework Unsafe Deserialization
Moderate
CVE-2012-1605
was published
for
typo3/cms
(Composer)
May 17, 2022
Silverstripe CMS Arbitrary Code Execution
Moderate
CVE-2011-4962
was published
for
silverstripe/cms
(Composer)
May 17, 2022
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
Moderate
CVE-2013-7075
was published
for
typo3/cms
(Composer)
May 17, 2022
mPDF Unsafe Deserialization
High
CVE-2019-1000005
was published
for
mpdf/mpdf
(Composer)
May 14, 2022
Laravel Framework Deserialization Vulnerability
Critical
CVE-2019-9081
was published
for
laravel/framework
(Composer)
May 14, 2022
Laravel Framework RCE Vulnerability
High
CVE-2018-15133
was published
for
laravel/framework
(Composer)
May 14, 2022
phpBB Remote Code Execution
High
CVE-2018-19274
was published
for
phpbb/phpbb
(Composer)
May 13, 2022
Pimcore Unserialize Remote Code Execution
High
CVE-2019-10867
was published
for
pimcore/pimcore
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API