GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,558
Composer 4,458
Erlang 33
GitHub Actions 22
Go 2,156
Maven 5,338
npm 3,818
NuGet 693
pip 3,497
Pub 12
RubyGems 903
Rust 903
Swift 38

Unreviewed advisories

All unreviewed 247,155

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

428 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting... Critical Unreviewed

CVE-2025-27816 was published Mar 7, 2025

The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection... Critical Unreviewed

CVE-2024-13787 was published Mar 5, 2025

The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions... Critical Unreviewed

CVE-2025-0912 was published Mar 4, 2025

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be... Critical Unreviewed

CVE-2024-27604 was published Apr 2, 2024

Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX allows Object Injection.... Critical Unreviewed

CVE-2025-26900 was published Feb 25, 2025

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10... Critical Unreviewed

CVE-2017-3066 was published May 13, 2022

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider... Critical Unreviewed

CVE-2025-26763 was published Feb 22, 2025

Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore... Critical Unreviewed

CVE-2024-33553 was published Apr 29, 2024

The application deserializes untrusted data without sufficiently verifying that the resulting... Critical Unreviewed

CVE-2024-37361 was published Feb 20, 2025

The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and... Critical Unreviewed

CVE-2024-13789 was published Feb 20, 2025

The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to... Critical Unreviewed

CVE-2024-12562 was published Feb 15, 2025

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This... Critical Unreviewed

CVE-2024-28075 was published May 14, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed

CVE-2024-5871 was published Jun 15, 2024

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed

CVE-2015-7450 was published May 17, 2022

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute... Critical Unreviewed

CVE-2025-20124 was published Feb 5, 2025

ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in... Critical Unreviewed

CVE-2021-35464 was published May 24, 2022

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed

CVE-2024-57766 was published Jan 15, 2025

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed

CVE-2024-57763 was published Jan 15, 2025

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure... Critical Unreviewed

CVE-2021-42237 was published May 24, 2022

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the... Critical Unreviewed

CVE-2024-57764 was published Jan 15, 2025

Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for... Critical Unreviewed

CVE-2025-24661 was published Feb 3, 2025

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions... Critical Unreviewed

CVE-2024-1813 was published Apr 9, 2024

The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed

CVE-2024-13742 was published Jan 30, 2025

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to... Critical Unreviewed

CVE-2022-35405 was published Jul 20, 2022

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to... Critical Unreviewed

CVE-2018-0147 was published May 13, 2022

Previous 1 2 3 4 5 … 17 18 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

428 advisories