GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
399 advisories
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an...
CVE-2023-28323 (Critical, Unreviewed) was published Jul 1, 2023

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8...
CVE-2023-33299 (Critical, Unreviewed) was published Jun 23, 2023

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to...
CVE-2020-36726 (Critical, Unreviewed) was published Jun 7, 2023

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions...
CVE-2020-36727 (Critical, Unreviewed) was published Jun 7, 2023

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in...
CVE-2020-36718 (Critical, Unreviewed) was published Jun 7, 2023

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote...
CVE-2023-27068 (Critical, Unreviewed) was published May 23, 2023

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due...
CVE-2023-32336 (Critical, Unreviewed) was published May 22, 2023

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX...
CVE-2023-1650 (Critical, Unreviewed) was published May 8, 2023

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently...
CVE-2023-1967 (Critical, Unreviewed) was published Apr 28, 2023

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ...
CVE-2023-20853 (Critical, Unreviewed) was published Apr 27, 2023

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ...
CVE-2023-20852 (Critical, Unreviewed) was published Apr 27, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated,...
CVE-2023-20864 (Critical, Unreviewed) was published Apr 20, 2023

A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to...
CVE-2021-28254 (Critical, Unreviewed) was published Apr 19, 2023

** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulnerability in Adobe LiveCycle...
CVE-2023-28500 (Critical, Unreviewed) was published Apr 6, 2023

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary...
CVE-2020-29312 (Critical, Unreviewed) was published Apr 4, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
CVE-2022-36977 (Critical, Unreviewed) was published Mar 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
CVE-2022-36974 (Critical, Unreviewed) was published Mar 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
CVE-2022-36978 (Critical, Unreviewed) was published Mar 29, 2023

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in...
CVE-2023-1133 (Critical, Unreviewed) was published Mar 27, 2023

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are...
CVE-2023-26359 (Critical, Unreviewed) was published Mar 23, 2023

The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure...
CVE-2023-28667 (Critical, Unreviewed) was published Mar 22, 2023

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code...
CVE-2023-26779 (Critical, Unreviewed) was published Mar 4, 2023

Unauthenticated Java deserialization vulnerability in Serviceguard Manager
CVE-2022-37936 (Critical, Unreviewed) was published Mar 1, 2023

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated...
CVE-2023-26326 (Critical, Unreviewed) was published Feb 23, 2023

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to...
CVE-2023-0232 (Critical, Unreviewed) was published Feb 21, 2023
ProTip! Advisories are also available from the GraphQL API.