Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,505 advisories

Loading
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch
Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows... Critical Unreviewed
CVE-2025-24671 was published Jan 27, 2025
Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection.... Critical Unreviewed
CVE-2025-24601 was published Jan 27, 2025
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-12600 was published Jan 25, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the... Critical Unreviewed
CVE-2025-23006 was published Jan 23, 2025
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows... Critical Unreviewed
CVE-2025-23914 was published Jan 22, 2025
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2... High Unreviewed
CVE-2024-31903 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection.... Critical Unreviewed
CVE-2025-23932 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection.... High Unreviewed
CVE-2025-23944 was published Jan 22, 2025
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-0428 was published Jan 22, 2025
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-0429 was published Jan 22, 2025
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to... High Unreviewed
CVE-2024-49744 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... Critical Unreviewed
CVE-2024-49688 was published Jan 21, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... High Unreviewed
CVE-2024-49699 was published Jan 21, 2025
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-10936 was published Jan 21, 2025
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote... High Unreviewed
CVE-2025-0586 was published Jan 20, 2025
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of... High Unreviewed
CVE-2024-12703 was published Jan 17, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Microsoft Excel Security Feature Bypass Vulnerability High Unreviewed
CVE-2025-21364 was published Jan 14, 2025
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and... High Unreviewed
CVE-2024-13163 was published Jan 14, 2025
Rasa Allows Remote Code Execution via Remote Model Loading Critical
CVE-2024-49375 was published for rasa (pip) Jan 14, 2025
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This... Critical Unreviewed
CVE-2025-22777 was published Jan 13, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-12877 was published Jan 11, 2025
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin... High Unreviewed
CVE-2024-12627 was published Jan 11, 2025
Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This... Moderate Unreviewed
CVE-2024-13297 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database