Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

419 advisories

Loading
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2024-28075 was published May 14, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-5871 was published Jun 15, 2024
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute... Critical Unreviewed
CVE-2025-20124 was published Feb 5, 2025
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in... Critical Unreviewed
CVE-2021-35464 was published May 24, 2022
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57763 was published Jan 15, 2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57766 was published Jan 15, 2025
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure... Critical Unreviewed
CVE-2021-42237 was published May 24, 2022
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed
CVE-2024-57764 was published Jan 15, 2025
Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for... Critical Unreviewed
CVE-2025-24661 was published Feb 3, 2025
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions... Critical Unreviewed
CVE-2024-1813 was published Apr 9, 2024
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-13742 was published Jan 30, 2025
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to... Critical Unreviewed
CVE-2022-35405 was published Jul 20, 2022
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to... Critical Unreviewed
CVE-2018-0147 was published May 13, 2022
Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection.... Critical Unreviewed
CVE-2025-24601 was published Jan 27, 2025
Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows... Critical Unreviewed
CVE-2025-24671 was published Jan 27, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the... Critical Unreviewed
CVE-2025-23006 was published Jan 23, 2025
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows... Critical Unreviewed
CVE-2025-23914 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection.... Critical Unreviewed
CVE-2025-23932 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... Critical Unreviewed
CVE-2024-49688 was published Jan 21, 2025
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This... Critical Unreviewed
CVE-2025-22777 was published Jan 13, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-12877 was published Jan 11, 2025
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the... Critical Unreviewed
CVE-2024-55556 was published Jan 7, 2025
Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object... Critical Unreviewed
CVE-2024-49222 was published Jan 7, 2025
A deserialization of untrusted data vulnerability with a malicious payload can allow an... Critical Unreviewed
CVE-2024-40711 was published Sep 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database