GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
282 advisories
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Critical
CVE-2026-39324
was published
for
rack-session
(RubyGems)
Apr 8, 2026
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
Critical
CVE-2026-33439
was published
for
org.openidentityplatform.openam:openam
(Maven)
Apr 7, 2026
Kedro has Arbitrary Code Execution via Malicious Logging Configuration
Critical
CVE-2026-35171
was published
for
kedro
(pip)
Apr 3, 2026
Qwik vulnerable to Unauthenticated RCE via server$ Deserialization
Critical
CVE-2026-27971
was published
for
@builder.io/qwik
(npm)
Mar 2, 2026
Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Critical
CVE-2026-21531
was published
for
azure-ai-language-conversations-authoring
(pip)
Feb 10, 2026
EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)
Critical
CVE-2026-25632
was published
for
epyt-flow
(pip)
Feb 4, 2026
Laravel Redis Horizontal Scaling Insecure Deserialization
Critical
CVE-2026-23524
was published
for
laravel/reverb
(Composer)
Jan 21, 2026
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical
CVE-2025-68924
was published
for
UmbracoForms
(NuGet)
Jan 13, 2026
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Critical
CVE-2025-68664
was published
for
langchain-core
(pip)
Dec 23, 2025
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Critical
GHSA-vr6p-vq2p-6j74
was published
for
likec4
(npm)
Dec 15, 2025
•
withdrawn
React Server Components are Vulnerable to RCE
Critical
CVE-2025-55182
was published
for
react-server-dom-parcel
(npm)
Dec 3, 2025
Next.js is vulnerable to RCE in React flight protocol
Critical
GHSA-9qr9-h5gf-34mp
was published
for
next
(npm)
Dec 3, 2025
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
Critical
CVE-2025-62515
was published
for
pyquokka
(pip)
Oct 17, 2025
scio is vunerable to Remote Command Execution through PyTorch
Critical
GHSA-m9mp-6x32-5rhg
was published
for
scio-pypi
(pip)
Oct 9, 2025
ProTip!
Advisories are also available from the
GraphQL API