Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

612 advisories

Loading
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
Redisson vulnerable to Deserialization of Untrusted Data Critical
CVE-2023-42809 was published for org.redisson:redisson (Maven) Aug 5, 2024
XXL-RPC Deserialization of Untrusted Data vulnerability Critical
CVE-2023-45146 was published for com.xuxueli:xxl-rpc-core (Maven) Aug 5, 2024
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be... Critical Unreviewed
CVE-2024-28211 was published Mar 7, 2024
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied... Critical Unreviewed
CVE-2024-2054 was published Mar 21, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute... Critical Unreviewed
CVE-2024-28212 was published Mar 7, 2024
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants... Critical Unreviewed
CVE-2024-43141 was published Aug 13, 2024
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code... Critical Unreviewed
CVE-2024-28986 was published Aug 14, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote... Critical Unreviewed
CVE-2023-43208 was published Oct 26, 2023
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This... Critical Unreviewed
CVE-2024-37099 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue... Critical Unreviewed
CVE-2024-43252 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object... Critical Unreviewed
CVE-2024-43242 was published Aug 19, 2024
Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue... Critical Unreviewed
CVE-2024-43354 was published Aug 19, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-5932 was published Aug 20, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store... Critical Unreviewed
CVE-2024-5335 was published Aug 21, 2024
nGrinder vulnerable to unsafe Java objects deserialization Critical
CVE-2024-28213 was published for org.ngrinder:ngrinder-core (Maven) Mar 7, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-23052 was published Feb 29, 2024
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store... Critical Unreviewed
CVE-2024-8030 was published Aug 28, 2024
Deserialization of Untrusted Data in Liferay Portal Critical
CVE-2020-7961 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) May 24, 2022
amuravski liefke
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This... Critical Unreviewed
CVE-2024-43931 was published Aug 29, 2024
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-8016 was published Aug 30, 2024
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to... Critical Unreviewed
CVE-2024-29433 was published Apr 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database