Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
yiisoft/yii deserializing untrusted user input can lead to remote code execution High
CVE-2023-47130 was published for yiisoft/yii (Composer) Nov 14, 2023
ma4ter222
mPDF Unsafe Deserialization High
CVE-2019-1000005 was published for mpdf/mpdf (Composer) May 14, 2022
Deserialization of Untrusted Data in librenms/librenms High
CVE-2022-3525 was published for librenms/librenms (Composer) Nov 20, 2022
Shopware Insecure Deserialization Vulnerability High
CVE-2019-12799 was published for shopware/shopware (Composer) May 24, 2022
Pimcore RCE via PHAR upload High
CVE-2019-16317 was published for pimcore/pimcore (Composer) May 24, 2022
Deserialization of Untrusted Data in Archive_Tar High
CVE-2020-28948 was published for pear/archive_tar (Composer) Apr 22, 2021
Phar unserialization vulnerability in phpMussel High
CVE-2020-4043 was published for Maikuolan/phpMussel (Composer) Jun 10, 2020
Maikuolan
Prevent RCE when deserializing untrusted user input High
CVE-2022-41922 was published for yiisoft/yii (Composer) Nov 21, 2022
fi3wey
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
melisplatform/melis-cms vulnerable to deserialization of untrusted data High
CVE-2022-39297 was published for melisplatform/melis-cms (Composer) Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data High
CVE-2022-39298 was published for melisplatform/melis-front (Composer) Oct 11, 2022
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
ProTip! Advisories are also available from the GraphQL API