Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,908 advisories

Loading
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to... Critical Unreviewed
CVE-2025-34153 was published Aug 13, 2025
An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an... Moderate Unreviewed
CVE-2025-2180 was published Aug 13, 2025
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-7384 was published Aug 13, 2025
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality High
CVE-2025-8747 was published for keras (pip) Aug 12, 2025
io-no
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code... High Unreviewed
CVE-2025-53772 was published Aug 12, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to... High Unreviewed
CVE-2025-49712 was published Aug 12, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 ... High Unreviewed
CVE-2024-54678 was published Aug 12, 2025
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 ... High Unreviewed
CVE-2025-40759 was published Aug 12, 2025
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass High
GHSA-9gvj-pp9x-gcfr was published for picklescan (pip) Aug 12, 2025
Lyutoon
ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via... Critical Unreviewed
CVE-2025-45146 was published Aug 11, 2025
Duplicate Advisory: Keras safe mode bypass vulnerability High
GHSA-pwq7-2gvj-vg9v was published for keras (pip) Aug 11, 2025 withdrawn
Apache Seata: Deserialization of untrusted Data in Apache Seata Server High
CVE-2025-53606 was published for org.apache.seata:seata-serializer-fury (Maven) Aug 8, 2025
ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a... Moderate Unreviewed
CVE-2025-55136 was published Aug 7, 2025
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of... Moderate Unreviewed
CVE-2025-54639 was published Aug 6, 2025
ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of... Moderate Unreviewed
CVE-2025-54640 was published Aug 6, 2025
Issue of inconsistent read/write serialization in the ad module. Impact: Successful exploitation... Moderate Unreviewed
CVE-2025-54638 was published Aug 6, 2025
Deserialization vulnerability of untrusted data in the ability module. Impact: Successful... Moderate Unreviewed
CVE-2025-54620 was published Aug 6, 2025
The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through... Critical Unreviewed
CVE-2025-50472 was published Aug 1, 2025
MS SWIFT Deserialization RCE Vulnerability Moderate
GHSA-r54c-2xmf-2cf3 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization Low
CVE-2025-50460 was published for ms-swift (pip) Jul 31, 2025
Anchor0221
CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after... High Unreviewed
CVE-2025-49083 was published Jul 31, 2025
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to... High Unreviewed
CVE-2025-53078 was published Jul 29, 2025
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical.... Moderate Unreviewed
CVE-2025-8227 was published Jul 27, 2025
SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local... High Unreviewed
CVE-2025-26397 was published Jul 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database