GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,499 advisories
NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of...
High
Unreviewed
CVE-2026-24216
was published
May 20, 2026
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and...
Critical
Unreviewed
CVE-2026-7637
was published
May 20, 2026
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could ...
High
Unreviewed
CVE-2026-24163
was published
May 20, 2026
NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized...
Moderate
Unreviewed
CVE-2026-24142
was published
May 20, 2026
NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could...
High
Unreviewed
CVE-2025-33255
was published
May 20, 2026
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution ...
High
Unreviewed
CVE-2026-6009
was published
May 19, 2026
The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5)...
Critical
Unreviewed
CVE-2026-31072
was published
May 19, 2026
HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal...
Critical
Unreviewed
CVE-2026-43633
was published
May 19, 2026
The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely...
Critical
Unreviewed
CVE-2026-46725
was published
May 19, 2026
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to...
High
Unreviewed
CVE-2026-8727
was published
May 19, 2026
Graphite Has a Pickle Deserialization Vulnerability
High
GHSA-qw48-84f6-28gv
was published
for
graphitedb
(pip)
May 18, 2026
SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when...
Critical
Unreviewed
CVE-2026-7304
was published
May 18, 2026
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and...
Critical
Unreviewed
CVE-2026-7301
was published
May 18, 2026
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a...
Moderate
Unreviewed
CVE-2026-8612
was published
May 15, 2026
TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function
Moderate
GHSA-9m65-766c-r333
was published
for
@tanstack/start-server-core
(npm)
May 14, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10...
Moderate
Unreviewed
CVE-2026-1184
was published
May 14, 2026
An authenticated remote code execution vulnerability through undisclosed vectors exists in the...
High
Unreviewed
CVE-2026-41957
was published
May 13, 2026
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
High
CVE-2026-45134
was published
for
langchain
(npm)
May 13, 2026
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of...
Critical
Unreviewed
CVE-2026-34659
was published
May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-40357
was published
May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-40368
was published
May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-35439
was published
May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-33112
was published
May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-33110
was published
May 12, 2026
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its...
Critical
Unreviewed
CVE-2026-31237
was published
May 12, 2026