Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Grav has Insecure Deserialization in File Cache Low
CVE-2026-7317 was published for getgrav/grav (Composer) May 5, 2026
devsamuelsantiago Credited to devsamuelsantiago
A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function... Low Unreviewed
CVE-2026-5473 was published Apr 3, 2026
Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler Low
CVE-2026-35537 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache Low
CVE-2026-2970 was published for datapizza-ai-core (pip) Feb 23, 2026
funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function Low
CVE-2026-2898 was published for funadmin/funadmin (Composer) Feb 22, 2026
A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function... Low Unreviewed
CVE-2026-2555 was published Feb 16, 2026
Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector Low
CVE-2026-24656 was published for org.apache.karaf.decanter.collector:org.apache.karaf.decanter.collector.log.socket (Maven) Jan 26, 2026
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux... Low Unreviewed
CVE-2025-69276 was published Jan 12, 2026
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables Low
CVE-2025-61677 was published for datachain (pip) Oct 2, 2025
gothburz Credited to gothburz
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization Low
CVE-2025-50460 was published for ms-swift (pip) Jul 31, 2025
Anchor0221 Credited to Anchor0221
A potential security vulnerability has been identified in the Poly Clariti Manager for versions... Low Unreviewed
CVE-2025-43489 was published Jul 23, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Low
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd Credited to oscerd and raboof raboof raboof
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an... Low Unreviewed
CVE-2025-20276 was published Jun 4, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java... Low Unreviewed
CVE-2025-30012 was published May 13, 2025
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Low Unreviewed
CVE-2023-35814 was published Apr 28, 2025
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on... Low Unreviewed
CVE-2023-35815 was published Apr 28, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Low
CVE-2024-47552 was published for org.apache.seata:seata-config-core (Maven) Mar 20, 2025
raboof Credited to raboof
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
shared_preferences_android vulnerability Low
GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) Dec 6, 2024
oskar-zeinomahmalat-sonarsource Credited to oskar-zeinomahmalat-sonarsource, reidbaker, and stuartmorgan-g reidbaker reidbaker
stuartmorgan-g stuartmorgan-g
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected... Low Unreviewed
CVE-2024-10749 was published Nov 4, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234 Credited to Kakashi1234
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Low Unreviewed
CVE-2024-21217 was published Oct 15, 2024
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before... Low Unreviewed
CVE-2023-26592 was published Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database