Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,910 advisories

Loading
Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows... Critical Unreviewed
CVE-2025-39356 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows... Critical Unreviewed
CVE-2025-39348 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection... Critical Unreviewed
CVE-2025-32927 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar... Critical Unreviewed
CVE-2025-47581 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder -... Critical Unreviewed
CVE-2025-39410 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot... Critical Unreviewed
CVE-2025-47582 was published May 19, 2025
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic.... Moderate Unreviewed
CVE-2025-4905 was published May 19, 2025
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object... High Unreviewed
CVE-2025-48134 was published May 16, 2025
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2025-3623 was published May 14, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30378 was published May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30382 was published May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker... High Unreviewed
CVE-2025-30384 was published May 13, 2025
SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload... Critical Unreviewed
CVE-2025-42999 was published May 13, 2025
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java... Low Unreviewed
CVE-2025-30012 was published May 13, 2025
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation... Moderate Unreviewed
CVE-2025-46738 was published May 12, 2025
Microsoft Dataverse Remote Code Execution Vulnerability High Unreviewed
CVE-2025-47732 was published May 9, 2025
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows... High Unreviewed
CVE-2025-47683 was published May 7, 2025
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object... High Unreviewed
CVE-2025-47629 was published May 7, 2025
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,... Critical Unreviewed
CVE-2025-0855 was published May 7, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration High
CVE-2025-30165 was published for vllm (pip) May 6, 2025
avioligo russellb
NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an... High Unreviewed
CVE-2025-23254 was published May 1, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote... High Unreviewed
CVE-2025-34491 was published Apr 28, 2025
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A... High Unreviewed
CVE-2025-34489 was published Apr 28, 2025
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Low Unreviewed
CVE-2023-35814 was published Apr 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database