Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

689 advisories

Loading
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-10957 was published Jan 4, 2025
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2024-10932 was published Jan 4, 2025
Microsoft Exchange Server Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-41082 was published Oct 4, 2022
Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP... High Unreviewed
CVE-2024-56068 was published Dec 31, 2024
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-12721 was published Dec 21, 2024
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute... High Unreviewed
CVE-2024-12677 was published Dec 20, 2024
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in... High Unreviewed
CVE-2024-12741 was published Dec 18, 2024
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows... High Unreviewed
CVE-2024-12687 was published Dec 16, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack... High Unreviewed
CVE-2024-10095 was published Dec 16, 2024
Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection... High Unreviewed
CVE-2024-54282 was published Dec 13, 2024
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows... High Unreviewed
CVE-2024-11839 was published Dec 13, 2024
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-12312 was published Dec 12, 2024
Microsoft/Muzic Remote Code Execution Vulnerability High Unreviewed
CVE-2024-49063 was published Dec 12, 2024
Microsoft SharePoint Remote Code Execution Vulnerability High Unreviewed
CVE-2024-49070 was published Dec 12, 2024
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-11949 was published Dec 12, 2024
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-11947 was published Dec 12, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7... High Unreviewed
CVE-2024-53247 was published Dec 10, 2024
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM... High Unreviewed
CVE-2024-49849 was published Dec 10, 2024
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and... High Unreviewed
CVE-2024-11501 was published Dec 7, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore High
CVE-2022-41137 was published for org.apache.hive:hive-exec (Maven) Dec 5, 2024
Borsh serialization of HashMap is non-canonical High
GHSA-wwq9-3cpr-mm53 was published for hashbrown (Rust) Dec 4, 2024
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms... High Unreviewed
CVE-2024-10587 was published Dec 4, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
logback serialization vulnerability High
CVE-2023-6378 was published for ch.qos.logback:logback-classic (Maven) Nov 29, 2023
jakehall-gocity bvahdat
mpenttila liaodaniel peppers-joseph
A java deserialization vulnerability in HPE Remote Insight Support allows an unauthenticated... High Unreviewed
CVE-2024-53673 was published Nov 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database