Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
replicator vulnerable to Deserialization of Untrusted Data Critical
CVE-2021-33420 was published for replicator (npm) Dec 15, 2022
Code Execution through IIFE in node-serialize Critical
CVE-2017-5941 was published for node-serialize (npm) Jul 18, 2018
Deserialization of Untrusted Data in msgpack Critical
CVE-2021-23410 was published for msgpack (npm) Jul 26, 2021 withdrawn
Remote Code Execution in scratch-vm Critical
CVE-2020-14000 was published for scratch-vm (npm) Jul 27, 2020
Code Execution Through IIFE in serialize-to-js Critical
CVE-2017-5954 was published for serialize-to-js (npm) Jul 18, 2018
tdunlap607 Credited to tdunlap607
Deserialization of Untrusted Data in bson Critical
CVE-2020-7610 was published for bson (npm) May 7, 2021
React Server Components are Vulnerable to RCE Critical
CVE-2025-55182 was published for react-server-dom-parcel (npm) Dec 3, 2025
lachlan2k Credited to lachlan2k, PiotrBorowski, nozo-moto, leogasparini, mtorp, mnahkies, mswilson, and AsapHogFtw PiotrBorowski PiotrBorowski
nozo-moto nozo-moto leogasparini leogasparini mtorp mtorp mnahkies mnahkies mswilson mswilson AsapHogFtw AsapHogFtw
React Server Components are Vulnerable to RCE Critical
GHSA-fmh4-wr37-44fp was published for @vitejs/plugin-rsc (npm) Dec 3, 2025
Next.js is vulnerable to RCE in React flight protocol Critical
GHSA-9qr9-h5gf-34mp was published for next (npm) Dec 3, 2025
lachlan2k Credited to lachlan2k, bytera, larskaare, mswilson, conorfitch, tockn, yusuke-koyoshi, bottarocarlo, and jcburgo bytera bytera
larskaare larskaare mswilson mswilson conorfitch conorfitch tockn tockn yusuke-koyoshi yusuke-koyoshi bottarocarlo bottarocarlo jcburgo jcburgo
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions Critical
GHSA-vr6p-vq2p-6j74 was published for likec4 (npm) Dec 15, 2025 withdrawn
fnuttens Credited to fnuttens and davydkov davydkov davydkov
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database