Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,351 advisories

Loading
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-9314 was published Oct 5, 2024
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to... High Unreviewed
CVE-2024-3467 was published Jun 12, 2024
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2018-2628 was published May 14, 2022
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro-parent (Maven) Oct 3, 2024
Deserialization vulnerability in Helix workflow and REST Critical
CVE-2023-38647 was published for org.apache.helix:helix-core (Maven) Jul 26, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param High
CVE-2023-34434 was published for org.apache.inlong:manager-pojo (Maven) Jul 25, 2023
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7432 was published Oct 1, 2024
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7433 was published Oct 1, 2024
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-7434 was published Oct 1, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-8353 was published Sep 28, 2024
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) Mar 10, 2023
jw123023
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is... High Unreviewed
CVE-2024-8922 was published Sep 27, 2024
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the... High Unreviewed
CVE-2024-43191 was published Sep 26, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is... High Unreviewed
CVE-2024-7576 was published Sep 25, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is... High Unreviewed
CVE-2024-8316 was published Sep 25, 2024
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)... Critical Unreviewed
CVE-2022-21445 was published Apr 20, 2022
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-8514 was published Sep 25, 2024
jsonpickle unsafe deserialization Critical
CVE-2020-22083 was published for jsonpickle (pip) May 24, 2022
rtfpessoa
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is... High Unreviewed
CVE-2022-2439 was published Sep 24, 2024
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).  This... High Unreviewed
CVE-2024-42323 was published Sep 21, 2024
ipycache is vulnerable to Code Injection Critical
CVE-2019-7539 was published for ipycache (pip) Mar 25, 2019
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
LangChain pickle deserialization of untrusted data Moderate
CVE-2024-5998 was published for langchain-community (pip) Sep 17, 2024
BarrensZeppelin
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21839 was published Jan 18, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database