Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
By-passing Protection of PharStreamWrapper Interceptor Moderate
GHSA-4v5g-8pq2-32m2 was published for typo3/phar-stream-wrapper (Composer) Jun 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS High
GHSA-ppgf-8745-8pgx was published for typo3/cms (Composer) Jun 5, 2024
Insecure Deserialization in TYPO3 CMS High
GHSA-8h28-f46f-m87h was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Insecure Deserialization High
GHSA-96jg-pmc4-cx39 was published for typo3/cms-core (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer) May 30, 2024
Laravel Cookie serialization vulnerability High
GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) May 15, 2024
Laravel Cookie serialization vulnerability High
GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) May 15, 2024
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr dennisenderink
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder Moderate
CVE-2024-28861 was published for friendsofsymfony1/symfony1 (Composer) Mar 22, 2024
darkpills
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency Moderate
CVE-2024-28859 was published for friendsofsymfony1/swiftmailer (Composer) Mar 18, 2024
darkpills
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
PHPEMS Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-6654 was published for phpems/phpems (Composer) Dec 10, 2023
yiisoft/yii deserializing untrusted user input can lead to remote code execution High
CVE-2023-47130 was published for yiisoft/yii (Composer) Nov 14, 2023
ma4ter222
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
catferq
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
psmoros nightfury99
Deserialization of Untrusted Data in thinkphp Critical
CVE-2022-45982 was published for topthink/think (Composer) Feb 8, 2023
Prevent RCE when deserializing untrusted user input High
CVE-2022-41922 was published for yiisoft/yii (Composer) Nov 21, 2022
fi3wey
Deserialization of Untrusted Data in librenms/librenms High
CVE-2022-3525 was published for librenms/librenms (Composer) Nov 20, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data High
CVE-2022-39297 was published for melisplatform/melis-cms (Composer) Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data High
CVE-2022-39298 was published for melisplatform/melis-front (Composer) Oct 11, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data Critical
CVE-2018-17057 was published for fooman/tcpdf (Composer) Oct 6, 2022
ProTip! Advisories are also available from the GraphQL API