GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,499 advisories
Uncontrolled Resource Consumption in FasterXML jackson-databind
High: CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Oct 3, 2022

fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE
Critical: CVE-2026-41586 was published for org.hyperledger.fabric-sdk-java:fabric-sdk-java (Maven), Apr 29, 2026

Potential remote code execution in Apache Tomcat
High: CVE-2020-9484 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), May 21, 2020

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of...
High, Unreviewed: CVE-2026-24216 was published May 20, 2026

The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5)...
Critical, Unreviewed: CVE-2026-31072 was published May 19, 2026

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized...
Moderate, Unreviewed: CVE-2026-24142 was published May 20, 2026

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could...
High, Unreviewed: CVE-2025-33255 was published May 20, 2026

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could ...
High, Unreviewed: CVE-2026-24163 was published May 20, 2026

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and...
Critical, Unreviewed: CVE-2026-7637 was published May 20, 2026

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The...
High, Unreviewed: CVE-2026-32590 was published Apr 8, 2026

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution ...
High, Unreviewed: CVE-2026-6009 was published May 19, 2026

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal...
Critical, Unreviewed: CVE-2026-43633 was published May 19, 2026

The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely...
Critical, Unreviewed: CVE-2026-46725 was published May 19, 2026

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to...
High, Unreviewed: CVE-2026-8727 was published May 19, 2026

Snorkel Trainer.load uses an unsafe torch.load
High: CVE-2026-31222 was published for snorkel (pip), May 12, 2026

Snorkel MultitaskClassifier.load uses an unsafe torch.load
High: CVE-2026-31224 was published for snorkel (pip), May 12, 2026

Snorkel BaseLabeler.load uses an unsafe pickle.load
High: CVE-2026-31223 was published for snorkel (pip), May 12, 2026

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization
High: CVE-2026-31221 was published for pytorch-lightning (pip), May 12, 2026

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which...
Critical, Unreviewed: CVE-2026-44126 was published May 8, 2026

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when...
Critical, Unreviewed: CVE-2026-7304 was published May 18, 2026

SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and...
Critical, Unreviewed: CVE-2026-7301 was published May 18, 2026

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager
High: CVE-2026-7818 was published for pgadmin4 (pip), May 11, 2026

Graphite Has a Pickle Deserialization Vulnerability
High: GHSA-qw48-84f6-28gv was published for graphitedb (pip), May 18, 2026

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a...
Moderate, Unreviewed: CVE-2026-8612 was published May 15, 2026

The _load_model() function in the neural_magic_training.py script of the optimate project in...
High, Unreviewed: CVE-2026-31218 was published May 12, 2026

ProTip! Advisories are also available from the GraphQL API