GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
266 advisories
The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class
Moderate | CVE-2026-1323 was published for cpsit/typo3-mailqueue (Composer) | Mar 18, 2026
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure...
Moderate | Unreviewed | CVE-2025-13913 was published | Mar 12, 2026
LangGraph checkpoint loading has unsafe msgpack deserialization
Moderate | CVE-2026-28277 was published for langgraph (pip) | Mar 5, 2026
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which...
Moderate | Unreviewed | CVE-2026-1542 was published | Feb 28, 2026
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Moderate | CVE-2026-27794 was published for langgraph-checkpoint (pip) | Feb 25, 2026
DiskCache has unsafe pickle deserialization
Moderate | CVE-2025-69872 was published for diskcache (pip) | Feb 11, 2026
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which...
Moderate | Unreviewed | CVE-2026-1235 was published | Feb 11, 2026
Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated...
Moderate | Unreviewed | CVE-2026-23685 was published | Feb 10, 2026
picklescan vulnerable to arbitrary file create using logging.FileHandler
Moderate | GHSA-m7j5-r2p5-c39r was published for picklescan (pip) | Feb 2, 2026
A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function...
Moderate | Unreviewed | CVE-2026-1691 was published | Jan 30, 2026
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
Moderate | CVE-2026-23946 was published for tendenci (pip) | Jan 21, 2026
mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport
Moderate | CVE-2026-0895 was published for cpsit/typo3-mailqueue (Composer) | Jan 21, 2026
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Moderate | CVE-2026-0859 was published for typo3/cms-core (Composer) | Jan 13, 2026
Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing
Moderate | CVE-2026-22187 was published for ome:pom-bio-formats (Maven) | Jan 7, 2026
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar:...
Moderate | Unreviewed | CVE-2025-15438 was published | Jan 2, 2026
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of...
Moderate | Unreviewed | CVE-2025-15375 was published | Dec 31, 2025
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Moderate | GHSA-6556-fwc2-fg2p was published for picklescan (pip) | Dec 30, 2025
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Moderate | GHSA-cffc-mxrf-mhh4 was published for picklescan (pip) | Dec 29, 2025
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Moderate | CVE-2025-13467 was published for org.keycloak:keycloak-ldap-federation (Maven) | Dec 19, 2025
Genymobile/scrcpy versions up to and including 3.3.3 and prior to commit 3e40b24 contain a global...
Moderate | Unreviewed | CVE-2025-34449 was published | Dec 19, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components
Moderate | GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) | Dec 12, 2025
Next Server Actions Source Code Exposure
Moderate | GHSA-w37m-7fhw-fmv9 was published for next (npm) | Dec 11, 2025
Source Code Exposure Vulnerability in React Server Components
Moderate | CVE-2025-55183 was published for react-server-dom-parcel (npm) | Dec 11, 2025
Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP...
Moderate | Unreviewed | CVE-2025-67535 was published | Dec 9, 2025
The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
Moderate | Unreviewed | CVE-2025-9191 was published | Nov 26, 2025
ProTip! Advisories are also available from the GraphQL API.