Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

54 advisories

Loading
TYPO3 Remote Code Execution in extension "Site Crawler" (crawler) High
CVE-2026-8727 was published for tomasnorre/crawler (Composer) May 19, 2026
eliashaeussler Credited to eliashaeussler
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass) High
CVE-2026-49286 was published for pontedilana/php-weasyprint (Composer) Jun 26, 2026
Concrete CMS Vulnerable to Deserialization of Untrusted Data High
CVE-2026-8135 was published for concrete5/concrete5 (Composer) May 21, 2026
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener High
CVE-2026-45077 was published for symfony/monolog-bridge (Composer) May 27, 2026
snoopysecurity Credited to snoopysecurity, nicolas-grekas, and a-tt-om nicolas-grekas nicolas-grekas
a-tt-om a-tt-om
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction High
CVE-2026-45162 was published for pimcore/pimcore (Composer) May 27, 2026
tikket1 Credited to tikket1
PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling High
CVE-2026-24765 was published for phpunit/phpunit (Composer) Jan 27, 2026
aqhmal Credited to aqhmal and theseer theseer theseer
OpenMage LTS: Phar Deserialization leads to Remote Code Execution High
CVE-2026-25524 was published for openmage/magento-lts (Composer) Apr 21, 2026
OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2 High
CVE-2026-29782 was published for devcode-it/openstamanager (Composer) Apr 1, 2026
ormzro Credited to ormzro
Saloon has insecure deserialization in AccessTokenAuthenticator High
CVE-2026-33942 was published for saloonphp/saloon (Composer) Mar 27, 2026
JonPurvis Credited to JonPurvis, Sammyjo20, and HuajiHD Sammyjo20 Sammyjo20
HuajiHD HuajiHD
Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection High
CVE-2026-3452 was published for concrete5/concrete5 (Composer) Mar 4, 2026
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize() High
CVE-2026-27206 was published for zumba/json-serializer (Composer) Feb 19, 2026
TheDeepOpc Credited to TheDeepOpc, jrbasso, and cjsaylor jrbasso jrbasso
cjsaylor cjsaylor
MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution High
GHSA-r33w-fg8j-9c94 was published for cesargb/laravel-magiclink (Composer) Feb 12, 2026
Pr4v33N-Sec Credited to Pr4v33N-Sec
TYPO3 Vulnerable to Insecure Deserialization High
CVE-2019-12747 was published for typo3/cms (Composer) May 24, 2022
ohader Credited to ohader
Drupal Core Remote Code Execution Vulnerability High
CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022
Adminer PHP Object Injection issue leads to Denial of Service High
CVE-2025-43960 was published for vrana/adminer (Composer) Aug 25, 2025
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
ravage84 Credited to ravage84 and decsecre583 decsecre583 decsecre583
Laravel Framework RCE Vulnerability High
CVE-2018-15133 was published for laravel/framework (Composer) May 14, 2022
mattberry3 Credited to mattberry3
FileManager Deserialization of Untrusted Data vulnerability High
CVE-2024-52306 was published for backpack/filemanager (Composer) Nov 13, 2024
catferq Credited to catferq
ThinkPHP deserialization vulnerability High
CVE-2024-48112 was published for topthink/thinkphp (Composer) Oct 30, 2024
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
image-optimizer allows PHAR deserialization High
CVE-2024-34515 was published for spatie/image-optimizer (Composer) May 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS High
GHSA-ppgf-8745-8pgx was published for typo3/cms (Composer) Jun 5, 2024
Insecure Deserialization in TYPO3 CMS High
GHSA-8h28-f46f-m87h was published for typo3/cms (Composer) Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API