GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
High
CVE-2026-49286
was published
for
pontedilana/php-weasyprint
(Composer)
Jun 26, 2026
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
High
CVE-2026-45077
was published
for
symfony/monolog-bridge
(Composer)
May 27, 2026
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
High
CVE-2026-45162
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
Concrete CMS Vulnerable to Deserialization of Untrusted Data
High
CVE-2026-8135
was published
for
concrete5/concrete5
(Composer)
May 21, 2026
TYPO3 Remote Code Execution in extension "Site Crawler" (crawler)
High
CVE-2026-8727
was published
for
tomasnorre/crawler
(Composer)
May 19, 2026
OpenMage LTS: Phar Deserialization leads to Remote Code Execution
High
CVE-2026-25524
was published
for
openmage/magento-lts
(Composer)
Apr 21, 2026
OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
High
CVE-2026-29782
was published
for
devcode-it/openstamanager
(Composer)
Apr 1, 2026
Saloon has insecure deserialization in AccessTokenAuthenticator
High
CVE-2026-33942
was published
for
saloonphp/saloon
(Composer)
Mar 27, 2026
Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection
High
CVE-2026-3452
was published
for
concrete5/concrete5
(Composer)
Mar 4, 2026
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
High
CVE-2026-27206
was published
for
zumba/json-serializer
(Composer)
Feb 19, 2026
MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution
High
GHSA-r33w-fg8j-9c94
was published
for
cesargb/laravel-magiclink
(Composer)
Feb 12, 2026
PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling
High
CVE-2026-24765
was published
for
phpunit/phpunit
(Composer)
Jan 27, 2026
Adminer PHP Object Injection issue leads to Denial of Service
High
CVE-2025-43960
was published
for
vrana/adminer
(Composer)
Aug 25, 2025
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
FileManager Deserialization of Untrusted Data vulnerability
High
CVE-2024-52306
was published
for
backpack/filemanager
(Composer)
Nov 13, 2024
ThinkPHP deserialization vulnerability
High
CVE-2024-48112
was published
for
topthink/thinkphp
(Composer)
Oct 30, 2024
nukeviet Deserialization of Untrusted Data vulnerability
High
CVE-2024-36528
was published
for
nukeviet/nukeviet
(Composer)
Jun 10, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
High
GHSA-ppgf-8745-8pgx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Insecure Deserialization in TYPO3 CMS
High
GHSA-8h28-f46f-m87h
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
High
GHSA-5h5v-m596-r6rf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Insecure Deserialization
High
GHSA-96jg-pmc4-cx39
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Laravel Cookie serialization vulnerability
High
GHSA-6jvx-8ch9-j2jr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-2867-6rrm-38gr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
image-optimizer allows PHAR deserialization
High
CVE-2024-34515
was published
for
spatie/image-optimizer
(Composer)
May 5, 2024
ProTip!
Advisories are also available from the
GraphQL API