Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7560 was published Aug 8, 2024
The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and... High Unreviewed
CVE-2024-7561 was published Aug 8, 2024
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7486 was published Aug 8, 2024
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an... High Unreviewed
CVE-2024-36131 was published Aug 7, 2024
Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue... High Unreviewed
CVE-2024-39636 was published Aug 2, 2024
The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-6152 was published Jul 27, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in... High Unreviewed
CVE-2024-6675 was published Jul 22, 2024
H2O vulnerable to Deserialization of Untrusted Data High
CVE-2024-6960 was published for ai.h2o:h2o-core (Maven) Jul 21, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability High
CVE-2023-49566 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability High
CVE-2023-46801 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Microsoft SharePoint Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38094 was published Jul 9, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38023 was published Jul 9, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38024 was published Jul 9, 2024
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 ... High Unreviewed
CVE-2022-45147 was published Jul 9, 2024
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7),... High Unreviewed
CVE-2023-32735 was published Jul 9, 2024
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2).... High Unreviewed
CVE-2023-32737 was published Jul 9, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user... High Unreviewed
CVE-2024-36984 was published Jul 1, 2024
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be... High Unreviewed
CVE-2024-5016 was published Jun 25, 2024
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer... High Unreviewed
CVE-2024-35780 was published Jun 19, 2024
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-5724 was published Jun 19, 2024
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization... High Unreviewed
CVE-2024-28964 was published Jun 12, 2024
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability High Unreviewed
CVE-2024-35249 was published Jun 11, 2024
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS High
GHSA-ppgf-8745-8pgx was published for typo3/cms (Composer) Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database