Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,530 advisories

Loading
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-11949 was published Dec 12, 2024
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-11947 was published Dec 12, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7... High Unreviewed
CVE-2024-53247 was published Dec 10, 2024
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM... High Unreviewed
CVE-2024-49849 was published Dec 10, 2024
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and... High Unreviewed
CVE-2024-11501 was published Dec 7, 2024
shared_preferences_android vulnerability Low
GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) Dec 6, 2024
oskar-zeinomahmalat-sonarsource reidbaker
stuartmorgan
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore High
CVE-2022-41137 was published for org.apache.hive:hive-exec (Maven) Dec 5, 2024
Borsh serialization of HashMap is non-canonical High
GHSA-wwq9-3cpr-mm53 was published for hashbrown (Rust) Dec 4, 2024
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms... High Unreviewed
CVE-2024-10587 was published Dec 4, 2024
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. Critical Unreviewed
CVE-2024-51363 was published Dec 4, 2024
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization... Critical Unreviewed
CVE-2024-53477 was published Dec 2, 2024
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package... Critical Unreviewed
CVE-2024-52338 was published Nov 28, 2024
A java deserialization vulnerability in HPE Remote Insight Support allows an unauthenticated... High Unreviewed
CVE-2024-53673 was published Nov 27, 2024
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an... Critical Unreviewed
CVE-2024-11145 was published Nov 26, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It... Critical Unreviewed
CVE-2024-53910 was published Nov 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It... Critical Unreviewed
CVE-2024-53909 was published Nov 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It... Critical Unreviewed
CVE-2024-53915 was published Nov 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It... Critical Unreviewed
CVE-2024-53913 was published Nov 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It... Critical Unreviewed
CVE-2024-53914 was published Nov 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It... Critical Unreviewed
CVE-2024-53911 was published Nov 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It... Critical Unreviewed
CVE-2024-53912 was published Nov 24, 2024
The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP... Critical Unreviewed
CVE-2024-9511 was published Nov 23, 2024
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11392 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11394 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11393 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database