Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,988
NuGet
720
pip
3,781
Pub
12
RubyGems
926
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

764 advisories

Loading
An unauthenticated remote command execution vulnerability exists in the applyCT component of the... Critical Unreviewed
CVE-2025-34067 was published Jul 2, 2025
vLLM Allows Remote Code Execution via Mooncake Integration Critical
CVE-2025-29783 was published for vllm (pip) Mar 19, 2025
JosephTLucas russellb
kexinoh
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2024-13786 was published Jul 2, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Critical
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd
Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object... Critical Unreviewed
CVE-2025-28970 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object... Critical Unreviewed
CVE-2025-52709 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection.... Critical Unreviewed
CVE-2025-52724 was published Jun 27, 2025
Deserialization of Untrusted Data vulnerability in pebas CouponXxL allows Object Injection. This... Critical Unreviewed
CVE-2025-52725 was published Jun 27, 2025
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-36038 was published Jun 26, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability.... Critical Unreviewed
CVE-2025-2566 was published Jun 24, 2025
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5... Critical Unreviewed
CVE-2025-25034 was published Jun 20, 2025
Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and... Critical Unreviewed
CVE-2025-49330 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce... Critical Unreviewed
CVE-2025-30618 was published Jun 17, 2025
Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This... Critical Unreviewed
CVE-2025-31919 was published Jun 17, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection... Critical Unreviewed
CVE-2025-49455 was published Jun 10, 2025
Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection... Critical Unreviewed
CVE-2025-49507 was published Jun 10, 2025
Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction... Critical Unreviewed
CVE-2025-31429 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme... Critical Unreviewed
CVE-2025-31396 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows... Critical Unreviewed
CVE-2025-31398 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page... Critical Unreviewed
CVE-2025-31052 was published Jun 9, 2025
Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object... Critical Unreviewed
CVE-2025-49073 was published Jun 6, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object... Critical Unreviewed
CVE-2025-49072 was published Jun 6, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-c42h-56wx-h85q was published for auth0/login (Composer) Jun 6, 2025
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD... Critical Unreviewed
CVE-2025-48780 was published Jun 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database