GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
387 advisories
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation...
High | Unreviewed | CVE-2021-21869 was published May 24, 2022
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows...
High | Unreviewed | CVE-2021-36231 was published May 24, 2022
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform...
High | Unreviewed | CVE-2021-35215 was published May 24, 2022
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user...
High | Unreviewed | CVE-2021-24579 was published May 24, 2022
mrdoc is vulnerable to Deserialization of Untrusted Data
High | Unreviewed | CVE-2021-32568 was published May 24, 2022
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in...
High | Unreviewed | CVE-2021-35216 was published May 24, 2022
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code...
High | Unreviewed | CVE-2021-35218 was published May 24, 2022
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in...
High | Unreviewed | CVE-2021-35217 was published May 24, 2022
ZStack is open source IaaS (infrastructure as a service) software. In ZStack before versions 3.10...
High | Unreviewed | CVE-2021-32836 was published May 24, 2022
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary...
High | Unreviewed | CVE-2021-41588 was published May 24, 2022
In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization...
High | Unreviewed | CVE-2021-0685 was published May 24, 2022
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in...
High | Unreviewed | CVE-2021-40843 was published May 24, 2022
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected...
High | Unreviewed | CVE-2021-33728 was published May 24, 2022
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure...
High | Unreviewed | CVE-2021-35227 was published May 24, 2022
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection...
High | Unreviewed | CVE-2021-39321 was published May 24, 2022
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of...
High | Unreviewed | CVE-2022-3335 was published Oct 25, 2022
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An...
High | Unreviewed | CVE-2022-40238 was published Oct 26, 2022
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an...
High | Unreviewed | CVE-2022-3380 was published Oct 31, 2022
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file,...
High | Unreviewed | CVE-2022-3357 was published Oct 31, 2022
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint...
High | Unreviewed | CVE-2022-3360 was published Oct 31, 2022
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro...
High | Unreviewed | CVE-2022-3366 was published Oct 31, 2022
Project files are stored memory objects in the form of binary serialized data that can later be...
High | Unreviewed | CVE-2021-42698 was published May 24, 2022
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which...
High | Unreviewed | CVE-2022-3374 was published Oct 31, 2022
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file,...
High | Unreviewed | CVE-2022-3334 was published Oct 31, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High | Unreviewed | CVE-2021-34992 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.