GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
TYPO3 Remote Code Execution in extension "Site Crawler" (crawler)
High
CVE-2026-8727
was published
for
tomasnorre/crawler
(Composer)
May 19, 2026
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
High
CVE-2026-49286
was published
for
pontedilana/php-weasyprint
(Composer)
Jun 26, 2026
Concrete CMS Vulnerable to Deserialization of Untrusted Data
High
CVE-2026-8135
was published
for
concrete5/concrete5
(Composer)
May 21, 2026
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
High
CVE-2026-45077
was published
for
symfony/monolog-bridge
(Composer)
May 27, 2026
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
High
CVE-2026-45162
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling
High
CVE-2026-24765
was published
for
phpunit/phpunit
(Composer)
Jan 27, 2026
OpenMage LTS: Phar Deserialization leads to Remote Code Execution
High
CVE-2026-25524
was published
for
openmage/magento-lts
(Composer)
Apr 21, 2026
OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
High
CVE-2026-29782
was published
for
devcode-it/openstamanager
(Composer)
Apr 1, 2026
Saloon has insecure deserialization in AccessTokenAuthenticator
High
CVE-2026-33942
was published
for
saloonphp/saloon
(Composer)
Mar 27, 2026
Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection
High
CVE-2026-3452
was published
for
concrete5/concrete5
(Composer)
Mar 4, 2026
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
High
CVE-2026-27206
was published
for
zumba/json-serializer
(Composer)
Feb 19, 2026
MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution
High
GHSA-r33w-fg8j-9c94
was published
for
cesargb/laravel-magiclink
(Composer)
Feb 12, 2026
TYPO3 Vulnerable to Insecure Deserialization
High
CVE-2019-12747
was published
for
typo3/cms
(Composer)
May 24, 2022
Drupal Core Remote Code Execution Vulnerability
High
CVE-2019-6340
was published
for
drupal/core
(Composer)
May 13, 2022
Adminer PHP Object Injection issue leads to Denial of Service
High
CVE-2025-43960
was published
for
vrana/adminer
(Composer)
Aug 25, 2025
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Unsafe deserialization in SmtpTransport in CakePHP
High
CVE-2019-11458
was published
for
cakephp/cakephp
(Composer)
Dec 2, 2019
Laravel Framework RCE Vulnerability
High
CVE-2018-15133
was published
for
laravel/framework
(Composer)
May 14, 2022
FileManager Deserialization of Untrusted Data vulnerability
High
CVE-2024-52306
was published
for
backpack/filemanager
(Composer)
Nov 13, 2024
ThinkPHP deserialization vulnerability
High
CVE-2024-48112
was published
for
topthink/thinkphp
(Composer)
Oct 30, 2024
nukeviet Deserialization of Untrusted Data vulnerability
High
CVE-2024-36528
was published
for
nukeviet/nukeviet
(Composer)
Jun 10, 2024
image-optimizer allows PHAR deserialization
High
CVE-2024-34515
was published
for
spatie/image-optimizer
(Composer)
May 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
High
GHSA-ppgf-8745-8pgx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Insecure Deserialization in TYPO3 CMS
High
GHSA-8h28-f46f-m87h
was published
for
typo3/cms
(Composer)
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API