GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
253 advisories
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Moderate | CVE-2026-0859 was published for typo3/cms-core (Composer) | Jan 13, 2026

Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing
Moderate | CVE-2026-22187 was published for ome:pom-bio-formats (Maven) | Jan 7, 2026

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of...
Moderate | Unreviewed | CVE-2025-15375 was published | Dec 31, 2025

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Moderate | GHSA-6556-fwc2-fg2p was published for picklescan (pip) | Dec 30, 2025

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Moderate | GHSA-cffc-mxrf-mhh4 was published for picklescan (pip) | Dec 29, 2025

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Moderate | CVE-2025-13467 was published for org.keycloak:keycloak-ldap-federation (Maven) | Dec 19, 2025

Genymobile/scrcpy versions up to and including 3.3.3 and prior to commit 3e40b24 contain a global...
Moderate | Unreviewed | CVE-2025-34449 was published | Dec 19, 2025

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components
Moderate | GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) | Dec 12, 2025

Next Server Actions Source Code Exposure
Moderate | GHSA-w37m-7fhw-fmv9 was published for next (npm) | Dec 11, 2025

Source Code Exposure Vulnerability in React Server Components
Moderate | CVE-2025-55183 was published for react-server-dom-parcel (npm) | Dec 11, 2025

Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP...
Moderate | Unreviewed | CVE-2025-67535 was published | Dec 9, 2025

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
Moderate | Unreviewed | CVE-2025-9191 was published | Nov 26, 2025

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Moderate | GHSA-93vm-mqpw-8wh3 was published for org.keycloak:keycloak-ldap-federation (Maven) | Nov 25, 2025 | withdrawn

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows...
Moderate | Unreviewed | CVE-2025-66073 was published | Nov 21, 2025

Drupal core allows Object Injection
Moderate | CVE-2025-13081 was published for drupal/core (Composer) | Nov 18, 2025

ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is...
Moderate | Unreviewed | CVE-2025-63617 was published | Nov 10, 2025

The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all...
Moderate | Unreviewed | CVE-2025-8871 was published | Nov 5, 2025

cryptidy allows code execution via untrusted data due to pickle.loads
Moderate | CVE-2025-63675 was published for cryptidy (pip) | Oct 31, 2025

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
Moderate | CVE-2025-12058 was published for keras (pip) | Oct 29, 2025

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function...
Moderate | Unreviewed | CVE-2025-12305 was published | Oct 27, 2025

Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Moderate | GHSA-cq46-m9x9-j8w2 was published for scapy (pip) | Oct 22, 2025

Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object...
Moderate | Unreviewed | CVE-2025-60215 was published | Oct 22, 2025

Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object...
Moderate | Unreviewed | CVE-2025-60216 was published | Oct 22, 2025

Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to...
Moderate | Unreviewed | CVE-2025-60224 was published | Oct 22, 2025

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing...
Moderate | Unreviewed | CVE-2025-60210 was published | Oct 22, 2025