GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
348 advisories
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier)...
Critical, Unreviewed. CVE-2023-38204 was published Sep 14, 2023

An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary...
Critical, Unreviewed. CVE-2020-19559 was published Sep 11, 2023

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which...
Critical, Unreviewed. CVE-2023-0925 was published Sep 6, 2023

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to...
Critical, Unreviewed. CVE-2023-3259 was published Aug 14, 2023

IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
Critical, Unreviewed. CVE-2022-40609 was published Aug 2, 2023

Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that...
Critical, Unreviewed. CVE-2023-34347 was published Jul 10, 2023

N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which...
Critical, Unreviewed. CVE-2023-1399 was published Jul 6, 2023

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an...
Critical, Unreviewed. CVE-2023-28323 was published Jul 1, 2023

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8...
Critical, Unreviewed. CVE-2023-33299 was published Jun 23, 2023

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions...
Critical, Unreviewed. CVE-2020-36727 was published Jun 7, 2023

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to...
Critical, Unreviewed. CVE-2020-36726 was published Jun 7, 2023

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in...
Critical, Unreviewed. CVE-2020-36718 was published Jun 7, 2023

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due...
Critical, Unreviewed. CVE-2023-32336 was published May 22, 2023

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX...
Critical, Unreviewed. CVE-2023-1650 was published May 8, 2023

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently...
Critical, Unreviewed. CVE-2023-1967 was published Apr 28, 2023

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ...
Critical, Unreviewed. CVE-2023-20853 was published Apr 27, 2023

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ...
Critical, Unreviewed. CVE-2023-20852 was published Apr 27, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated,...
Critical, Unreviewed. CVE-2023-20864 was published Apr 20, 2023

A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to...
Critical, Unreviewed. CVE-2021-28254 was published Apr 19, 2023

Apache OFBiz has unsafe deserialization prior to 17.12.07 version
Critical, Unreviewed. CVE-2021-30128 was published May 24, 2022

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use...
Critical, Unreviewed. CVE-2021-26295 was published May 24, 2022

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the...
Critical, Unreviewed. CVE-2020-6967 was published May 24, 2022

A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker...
Critical, Unreviewed. CVE-2019-18316 was published May 24, 2022

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of...
Critical, Unreviewed. CVE-2019-18580 was published May 24, 2022

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow...
Critical, Unreviewed. CVE-2019-18364 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.