Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,124
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

636 advisories

Loading
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio sunSUNQ
Deserialization of Untrusted Data in bson Critical
CVE-2020-7610 was published for bson (npm) May 7, 2021
Apache MINA Deserialization RCE Vulnerability Critical
CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) Dec 25, 2024
Malayke
Apache Inlong Deserialization of Untrusted Data vulnerability Critical
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2024-28075 was published May 14, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-5871 was published Jun 15, 2024
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute... Critical Unreviewed
CVE-2025-20124 was published Feb 5, 2025
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in... Critical Unreviewed
CVE-2021-35464 was published May 24, 2022
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57763 was published Jan 15, 2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57766 was published Jan 15, 2025
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure... Critical Unreviewed
CVE-2021-42237 was published May 24, 2022
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57764 was published Jan 15, 2025
Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for... Critical Unreviewed
CVE-2025-24661 was published Feb 3, 2025
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions... Critical Unreviewed
CVE-2024-1813 was published Apr 9, 2024
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-13742 was published Jan 30, 2025
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to... Critical Unreviewed
CVE-2022-35405 was published Jul 20, 2022
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to... Critical Unreviewed
CVE-2018-0147 was published May 13, 2022
Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows... Critical Unreviewed
CVE-2025-24671 was published Jan 27, 2025
Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection.... Critical Unreviewed
CVE-2025-24601 was published Jan 27, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the... Critical Unreviewed
CVE-2025-23006 was published Jan 23, 2025
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows... Critical Unreviewed
CVE-2025-23914 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection.... Critical Unreviewed
CVE-2025-23932 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... Critical Unreviewed
CVE-2024-49688 was published Jan 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database