GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,351 advisories
Filter by severity
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-9314
was published
Oct 5, 2024
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to...
High
Unreviewed
CVE-2024-3467
was published
Jun 12, 2024
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical
Unreviewed
CVE-2018-2628
was published
May 14, 2022
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro-parent
(Maven)
Oct 3, 2024
Deserialization vulnerability in Helix workflow and REST
Critical
CVE-2023-38647
was published
for
org.apache.helix:helix-core
(Maven)
Jul 26, 2023
JDBC URL bypassing by allowLoadLocalInfileInPath param
High
CVE-2023-34434
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jul 25, 2023
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7432
was published
Oct 1, 2024
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7433
was published
Oct 1, 2024
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-7434
was published
Oct 1, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-8353
was published
Sep 28, 2024
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High
CVE-2023-26464
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Mar 10, 2023
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is...
High
Unreviewed
CVE-2024-8922
was published
Sep 27, 2024
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the...
High
Unreviewed
CVE-2024-43191
was published
Sep 26, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is...
High
Unreviewed
CVE-2024-7576
was published
Sep 25, 2024
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is...
High
Unreviewed
CVE-2024-8316
was published
Sep 25, 2024
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)...
Critical
Unreviewed
CVE-2022-21445
was published
Apr 20, 2022
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object...
Critical
Unreviewed
CVE-2024-8514
was published
Sep 25, 2024
jsonpickle unsafe deserialization
Critical
CVE-2020-22083
was published
for
jsonpickle
(pip)
May 24, 2022
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is...
High
Unreviewed
CVE-2022-2439
was published
Sep 24, 2024
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).
This...
High
Unreviewed
CVE-2024-42323
was published
Sep 21, 2024
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
LangChain pickle deserialization of untrusted data
Moderate
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2023-21839
was published
Jan 18, 2023
ProTip!
Advisories are also available from the
GraphQL API