Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
LangChain pickle deserialization of untrusted data Moderate
CVE-2024-5998 was published for langchain-community (pip) Sep 17, 2024
BarrensZeppelin
Apache Seata Deserialization of Untrusted Data vulnerability High
CVE-2024-22399 was published for org.apache.seata:seata-core (Maven) Sep 16, 2024
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This... Moderate Unreviewed
CVE-2024-8862 was published Sep 16, 2024
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the ... High Unreviewed
CVE-2022-2446 was published Sep 13, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted... Critical Unreviewed
CVE-2024-41874 was published Sep 13, 2024
Cleanlab Deserialization of Untrusted Data vulnerability High
CVE-2024-45857 was published for cleanlab (pip) Sep 12, 2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution... Critical Unreviewed
CVE-2024-28991 was published Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45855 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45854 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45853 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45852 was published for mindsdb (pip) Sep 12, 2024
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024... Critical Unreviewed
CVE-2024-29847 was published Sep 12, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-43464 was published Sep 10, 2024
Microsoft SharePoint Server Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-43466 was published Sep 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38018 was published Sep 10, 2024
Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. Critical Unreviewed
CVE-2023-37227 was published Sep 10, 2024
ThinkPHP deserialization vulnerability Critical
CVE-2024-44902 was published for topthink/framework (Composer) Sep 9, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to... Critical Unreviewed
CVE-2024-37288 was published Sep 9, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an... Critical Unreviewed
CVE-2024-40711 was published Sep 7, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to... Critical Unreviewed
CVE-2024-45758 was published Sep 6, 2024
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and... High Unreviewed
CVE-2024-7435 was published Aug 31, 2024
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-8016 was published Aug 30, 2024
ProTip! Advisories are also available from the GraphQL API