GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
926 advisories

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High | Unreviewed | CVE-2026-45659 was published May 26, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper...
High | Unreviewed | CVE-2026-24251 was published Jul 1, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause...
High | Unreviewed | CVE-2026-24245 was published Jul 1, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause...
High | Unreviewed | CVE-2026-24243 was published Jul 1, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper...
High | Unreviewed | CVE-2026-24250 was published Jul 1, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause...
High | Unreviewed | CVE-2026-24247 was published Jul 1, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause...
High | Unreviewed | CVE-2026-24240 was published Jul 1, 2026

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause...
High | Unreviewed | CVE-2026-24244 was published Jul 1, 2026

Messaging consumer functionality allows deserialization of user-controlled data without...
High | Unreviewed | CVE-2026-10538 was published Jul 1, 2026

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle...
High | Unreviewed | CVE-2025-71368 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter...
High | Unreviewed | CVE-2025-71371 was published Jul 1, 2026

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run...
High | Unreviewed | CVE-2025-71350 was published Jul 1, 2026

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods,...
High | Unreviewed | CVE-2025-71363 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing...
High | Unreviewed | CVE-2025-71349 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when...
High | Unreviewed | CVE-2025-71374 was published Jul 1, 2026

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses ...
High | Unreviewed | CVE-2026-13759 was published Jun 30, 2026

The affected product is vulnerable to a deserialization of untrusted data, which may allow an...
High | Unreviewed | CVE-2026-12578 was published Jun 30, 2026

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to...
High | Unreviewed | CVE-2026-12240 was published Jun 30, 2026

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have...
High | Unreviewed | CVE-2026-53435 was published Jun 10, 2026

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization...
High | Unreviewed | CVE-2026-57527 was published Jun 26, 2026

Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
High | Unreviewed | CVE-2026-56055 was published Jun 26, 2026

Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
High | Unreviewed | CVE-2026-56031 was published Jun 26, 2026

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell...
High | Unreviewed | CVE-2025-71340 was published Jun 26, 2026

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
High | Unreviewed | CVE-2026-56053 was published Jun 25, 2026

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2026-10043 was published Jun 25, 2026

ProTip! Advisories are also available from the GraphQL API.