GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,503
Composer 5,140
Erlang 40
GitHub Actions 38
Go 2,844
Maven 6,212
npm 4,470
NuGet 779
pip 4,231
Pub 12
RubyGems 974
Rust 1,093
Swift 48

Unreviewed advisories

All unreviewed 286,264

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

874 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

React Server Components are Vulnerable to RCE Critical

CVE-2025-55182 was published for react-server-dom-parcel (npm) Dec 3, 2025

Credited to lachlan2k, PiotrBorowski, nozo-moto, leogasparini, mtorp, mnahkies, mswilson, and AsapHogFtw

Next.js is vulnerable to RCE in React flight protocol Critical

GHSA-9qr9-h5gf-34mp was published for next (npm) Dec 3, 2025

Credited to lachlan2k, bytera, larskaare, mswilson, conorfitch, tockn, yusuke-koyoshi, bottarocarlo, and jcburgo

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to... Critical Unreviewed

CVE-2025-51745 was published Nov 25, 2025

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to... Critical Unreviewed

CVE-2025-51744 was published Nov 25, 2025

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint... Critical Unreviewed

CVE-2025-51746 was published Nov 25, 2025

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material... Critical Unreviewed

CVE-2025-51742 was published Nov 25, 2025

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory... Critical Unreviewed

CVE-2025-51743 was published Nov 25, 2025

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute... Critical Unreviewed

CVE-2025-61168 was published Nov 25, 2025

Microsoft SharePoint Online Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2025-59245 was published Nov 21, 2025

Apache Causeway vulnerable to deserialization in Java Critical

CVE-2025-64408 was published for org.apache.causeway.commons:causeway-commons (Maven) Nov 19, 2025

Modular Max Serve has Unsafe Deserialization vulnerability Critical

CVE-2025-60455 was published for modular (pip) Nov 18, 2025

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code... Critical Unreviewed

CVE-2024-28988 was published Nov 15, 2025

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization Critical Unreviewed

CVE-2025-11367 was published Nov 12, 2025

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user... Critical Unreviewed

CVE-2025-60245 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft... Critical Unreviewed

CVE-2025-58636 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object... Critical Unreviewed

CVE-2025-53586 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows... Critical Unreviewed

CVE-2025-58998 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection... Critical Unreviewed

CVE-2025-53242 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve... Critical Unreviewed

CVE-2025-49386 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets... Critical Unreviewed

CVE-2025-49393 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite... Critical Unreviewed

CVE-2025-48086 was published Nov 6, 2025

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from... Critical Unreviewed

CVE-2025-34292 was published Oct 27, 2025

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue... Critical Unreviewed

CVE-2025-62025 was published Oct 22, 2025

Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows... Critical Unreviewed

CVE-2025-60238 was published Oct 22, 2025

Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows... Critical Unreviewed

CVE-2025-60214 was published Oct 22, 2025

Previous 12…35 Next

Previous 1 2 3 4 5 … 34 35 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

874 advisories