Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

992 advisories

Loading
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of... Critical Unreviewed
CVE-2026-34659 was published May 12, 2026
The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its... Critical Unreviewed
CVE-2026-31235 was published May 12, 2026
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its... Critical Unreviewed
CVE-2026-31237 was published May 12, 2026
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502)... Critical Unreviewed
CVE-2026-31239 was published May 12, 2026
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model... Critical Unreviewed
CVE-2026-31238 was published May 12, 2026
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization... Critical Unreviewed
CVE-2026-31229 was published May 12, 2026
Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore... Critical Unreviewed
CVE-2026-31234 was published May 12, 2026
The torch-checkpoint-shrink.py script in the ml-engineering project in commit... Critical Unreviewed
CVE-2026-31214 was published May 12, 2026
torrentpier has PHP Serialize Injections Critical
GHSA-h29g-c9cx-c73q was published for torrentpier/torrentpier (Composer) May 11, 2026
PhpSecure Credited to PhpSecure
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which... Critical Unreviewed
CVE-2026-44126 was published May 8, 2026
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file... Critical Unreviewed
CVE-2025-69690 was published May 8, 2026
Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass Critical
GHSA-vj3m-2g9h-vm4p was published for getgrav/grav (Composer) May 5, 2026
Proscan-one Credited to Proscan-one
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache... Critical Unreviewed
CVE-2026-42472 was published May 1, 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache... Critical Unreviewed
CVE-2026-42473 was published May 1, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix) Critical
CVE-2026-42778 was published for org.apache.mina:mina-core (Maven) May 1, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix) Critical
CVE-2026-42779 was published for org.apache.mina:mina-core (Maven) May 1, 2026
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE Critical
CVE-2026-41586 was published for org.hyperledger.fabric-sdk-java:fabric-sdk-java (Maven) Apr 29, 2026
brodmart Credited to brodmart
PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled Critical
CVE-2026-34084 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
calligraf0 Credited to calligraf0
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions... Critical Unreviewed
CVE-2025-60889 was published Apr 28, 2026
Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix) Critical
CVE-2026-41409 was published for org.apache.mina:mina-core (Maven) Apr 27, 2026
Apache Camel's Camel-Mail component is vulnerable to Camel message header injection Critical
CVE-2026-33454 was published for org.apache.camel:camel-mail (Maven) Apr 27, 2026
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms,... Critical Unreviewed
CVE-2026-40860 was published Apr 27, 2026
Apache MINA vulnerable to Deserialization of Untrusted Data Critical
CVE-2026-41635 was published for org.apache.mina:mina-core (Maven) Apr 27, 2026
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute... Critical Unreviewed
CVE-2026-33819 was published Apr 24, 2026
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve... Critical Unreviewed
CVE-2026-26210 was published Apr 24, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database