Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,852
NuGet
696
pip
3,637
Pub
12
RubyGems
911
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

162 advisories

Loading
yiisoft Yii2 Deserialization of Untrusted Data Moderate
CVE-2025-2689 was published for yiisoft/yii2-dev (Composer) Mar 24, 2025
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This... Moderate Unreviewed
CVE-2025-2690 was published Mar 24, 2025
aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument Moderate
CVE-2025-2622 was published for com.aizuda:snail-job (Maven) Mar 22, 2025
PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable.... Moderate Unreviewed
CVE-2025-0769 was published Feb 28, 2025
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an... Moderate Unreviewed
CVE-2025-0767 was published Feb 27, 2025
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This... Moderate Unreviewed
CVE-2025-1186 was published Feb 12, 2025
A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected... Moderate Unreviewed
CVE-2025-1177 was published Feb 11, 2025
Utilization of a module presented a security risk by allowing the deserialization of untrusted... Moderate Unreviewed
CVE-2021-27017 was published Feb 7, 2025
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache Moderate
CVE-2025-24794 was published for snowflake-connector-python (pip) Jan 29, 2025
NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a... Moderate Unreviewed
CVE-2024-0140 was published Jan 28, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection... Moderate Unreviewed
CVE-2024-13295 was published Jan 9, 2025
Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This... Moderate Unreviewed
CVE-2024-13297 was published Jan 9, 2025
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This... Moderate Unreviewed
CVE-2024-13296 was published Jan 9, 2025
Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection... Moderate Unreviewed
CVE-2024-13288 was published Jan 9, 2025
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by... Moderate Unreviewed
CVE-2024-13136 was published Jan 5, 2025
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session... Moderate Unreviewed
CVE-2024-8069 was published Nov 12, 2024
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in... Moderate Unreviewed
CVE-2021-4451 was published Oct 16, 2024
A Potential DOS Vulnerability exists in CERT VINCE software prior to version 3.0.8. An... Moderate Unreviewed
CVE-2024-9953 was published Oct 15, 2024
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects... Moderate Unreviewed
CVE-2024-9917 was published Oct 13, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
Microsoft SharePoint Server Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-43466 was published Sep 10, 2024
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected... Moderate Unreviewed
CVE-2024-8003 was published Aug 20, 2024
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows... Moderate Unreviewed
CVE-2024-39630 was published Aug 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database