GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,167 advisories
An authenticated remote code execution vulnerability through undisclosed vectors exists in the...
High | Unreviewed | CVE-2026-41957 was published May 13, 2026
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
High | CVE-2026-45134 was published for langchain (npm) May 13, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High | Unreviewed | CVE-2026-40368 was published May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High | Unreviewed | CVE-2026-40357 was published May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High | Unreviewed | CVE-2026-35439 was published May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High | Unreviewed | CVE-2026-33112 was published May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High | Unreviewed | CVE-2026-33110 was published May 12, 2026
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains...
High | Unreviewed | CVE-2026-31232 was published May 12, 2026
The _load_model() function in the neural_magic_training.py script of the optimate project in...
High | Unreviewed | CVE-2026-31219 was published May 12, 2026
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in...
High | Unreviewed | CVE-2026-31222 was published May 12, 2026
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE...
High | Unreviewed | CVE-2026-31223 was published May 12, 2026
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in...
High | Unreviewed | CVE-2026-31224 was published May 12, 2026
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability ...
High | Unreviewed | CVE-2026-31221 was published May 12, 2026
The _load_model() function in the neural_magic_training.py script of the optimate project in...
High | Unreviewed | CVE-2026-31218 was published May 12, 2026
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session...
High | Unreviewed | CVE-2026-7818 was published May 11, 2026
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure...
High | Unreviewed | CVE-2026-31249 was published May 11, 2026
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure...
High | Unreviewed | CVE-2026-31250 was published May 11, 2026
LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
High | CVE-2026-44843 was published for langchain-core (pip) May 8, 2026
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User...
High | Unreviewed | CVE-2026-5127 was published May 8, 2026
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad...
High | Unreviewed | CVE-2024-53326 was published May 8, 2026
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all...
High | Unreviewed | CVE-2026-7647 was published May 2, 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP...
High | Unreviewed | CVE-2026-37552 was published May 1, 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client ...
High | Unreviewed | CVE-2026-42471 was published May 1, 2026
The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically...
High | Unreviewed | CVE-2026-7584 was published May 1, 2026
NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization...
High | Unreviewed | CVE-2026-24186 was published Apr 28, 2026
ProTip! Advisories are also available from the GraphQL API.