GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Critical
CVE-2021-21426
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
Insecure Deserialization of untrusted data in rmccue/requests
Critical
CVE-2021-29476
was published
for
rmccue/requests
(Composer)
Apr 29, 2021
Object injection in PHPMailer/PHPMailer
Critical
CVE-2020-36326
was published
for
phpmailer/phpmailer
(Composer)
May 4, 2021
Remote code execution in zendframework and laminas-http
Critical
CVE-2021-3007
was published
for
laminas/laminas-http
(Composer)
Jun 8, 2021
Deserialization of Untrusted Data in NukeViet
Critical
CVE-2019-7725
was published
for
nukeviet/nukeviet
(Composer)
Jun 22, 2021
Deserialization of Untrusted Data in codeception/codeception
Critical
CVE-2021-23420
was published
for
codeception/codeception
(Composer)
Sep 1, 2021
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-36567
was published
for
topthink/framework
(Composer)
Dec 7, 2021
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-36564
was published
for
topthink/framework
(Composer)
Dec 10, 2021
Remote Code Execution in Laravel
Critical
CVE-2021-43503
was published
for
laravel/laravel
(Composer)
Apr 9, 2022
•
withdrawn
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-23592
was published
for
topthink/framework
(Composer)
May 7, 2022
Joomla! Object Injection Vulnerability
Critical
CVE-2019-7743
was published
for
joomla/joomla-cms
(Composer)
May 13, 2022
Laravel Framework Deserialization Vulnerability
Critical
CVE-2019-9081
was published
for
laravel/framework
(Composer)
May 14, 2022
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
Critical
CVE-2019-11830
was published
for
typo3/phar-stream-wrapper
(Composer)
May 24, 2022
Spoon Library as used in Fork CMS allows PHP object injection
Critical
CVE-2019-15521
was published
for
spoon/library
(Composer)
May 24, 2022
Magento deserialization vulnerability
Critical
CVE-2020-3716
was published
for
magento/community-edition
(Composer)
May 24, 2022
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Unserialized Pop Chain in Laravel
Critical
CVE-2022-31279
was published
for
laravel/laravel
(Composer)
Jun 8, 2022
•
withdrawn
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2022-33107
was published
for
topthink/framework
(Composer)
Jun 30, 2022
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical
CVE-2018-17057
was published
for
fooman/tcpdf
(Composer)
Oct 6, 2022
Deserialization of Untrusted Data in thinkphp
Critical
CVE-2022-45982
was published
for
topthink/think
(Composer)
Feb 8, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Critical
CVE-2023-36825
was published
for
orchid/platform
(Composer)
Jul 11, 2023
ProTip!
Advisories are also available from the
GraphQL API