GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,049
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,460 advisories
Filter by severity
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object...
High
Unreviewed
CVE-2024-12721
was published
Dec 21, 2024
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute...
High
Unreviewed
CVE-2024-12677
was published
Dec 20, 2024
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in...
High
Unreviewed
CVE-2024-12741
was published
Dec 18, 2024
Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object...
Critical
Unreviewed
CVE-2024-56058
was published
Dec 18, 2024
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows...
High
Unreviewed
CVE-2024-12687
was published
Dec 16, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack...
High
Unreviewed
CVE-2024-10095
was published
Dec 16, 2024
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This...
Critical
Unreviewed
CVE-2024-54367
was published
Dec 16, 2024
Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object...
Critical
Unreviewed
CVE-2024-54273
was published
Dec 13, 2024
Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection...
High
Unreviewed
CVE-2024-54282
was published
Dec 13, 2024
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows...
High
Unreviewed
CVE-2024-11839
was published
Dec 13, 2024
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to...
Critical
Unreviewed
CVE-2024-49147
was published
Dec 12, 2024
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all...
High
Unreviewed
CVE-2024-12312
was published
Dec 12, 2024
Microsoft/Muzic Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-49063
was published
Dec 12, 2024
Microsoft SharePoint Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-49070
was published
Dec 12, 2024
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-11949
was published
Dec 12, 2024
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-11947
was published
Dec 12, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7...
High
Unreviewed
CVE-2024-53247
was published
Dec 10, 2024
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM...
High
Unreviewed
CVE-2024-49849
was published
Dec 10, 2024
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
High
Unreviewed
CVE-2024-11501
was published
Dec 7, 2024
shared_preferences_android vulnerability
Low
GHSA-3hpf-ff72-j67p
was published
for
shared_preferences_android
(Pub)
Dec 6, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
Borsh serialization of HashMap is non-canonical
High
GHSA-wwq9-3cpr-mm53
was published
for
hashbrown
(Rust)
Dec 4, 2024
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms...
High
Unreviewed
CVE-2024-10587
was published
Dec 4, 2024
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
Critical
Unreviewed
CVE-2024-51363
was published
Dec 4, 2024
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization...
Critical
Unreviewed
CVE-2024-53477
was published
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API