GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
874 advisories
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code...
Critical, Unreviewed. CVE-2025-56005 was published Jan 20, 2026

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in...
Critical, Unreviewed. CVE-2023-7334 was published Jan 16, 2026

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical. CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters...
Critical, Unreviewed. CVE-2025-67911 was published Jan 8, 2026

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows...
Critical, Unreviewed. CVE-2025-47552 was published Jan 7, 2026

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers...
Critical, Unreviewed. CVE-2025-68038 was published Dec 24, 2025

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code...
Critical, Unreviewed. CVE-2025-14931 was published Dec 23, 2025

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Critical. CVE-2025-68664 was published for langchain-core (pip) Dec 23, 2025

Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object...
Critical, Unreviewed. CVE-2025-64233 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot...
Critical, Unreviewed. CVE-2025-60178 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices...
Critical, Unreviewed. CVE-2025-64227 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection...
Critical, Unreviewed. CVE-2025-64206 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact...
Critical, Unreviewed. CVE-2025-60174 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf...
Critical, Unreviewed. CVE-2025-60090 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin...
Critical, Unreviewed. CVE-2025-60091 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf...
Critical, Unreviewed. CVE-2025-60180 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf...
Critical, Unreviewed. CVE-2025-60089 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object...
Critical, Unreviewed. CVE-2025-54723 was published Dec 18, 2025

NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this...
Critical, Unreviewed. CVE-2025-33210 was published Dec 16, 2025

Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Critical. GHSA-vr6p-vq2p-6j74 was published for likec4 (npm) Dec 15, 2025 • withdrawn

MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in...
Critical, Unreviewed. CVE-2025-65213 was published Dec 15, 2025

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1,...
Critical, Unreviewed. CVE-2025-34394 was published Dec 10, 2025

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in...
Critical, Unreviewed. CVE-2025-42928 was published Dec 9, 2025

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in...
Critical, Unreviewed. CVE-2025-66571 was published Dec 4, 2025

React Server Components are Vulnerable to RCE
Critical. GHSA-fmh4-wr37-44fp was published for @vitejs/plugin-rsc (npm) Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API