Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

713 advisories

Loading
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-12600 was published Jan 25, 2025
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2... High Unreviewed
CVE-2024-31903 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection.... High Unreviewed
CVE-2025-23944 was published Jan 22, 2025
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-0428 was published Jan 22, 2025
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in... High Unreviewed
CVE-2025-0429 was published Jan 22, 2025
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to... High Unreviewed
CVE-2024-49744 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... High Unreviewed
CVE-2024-49699 was published Jan 21, 2025
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-10936 was published Jan 21, 2025
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote... High Unreviewed
CVE-2025-0586 was published Jan 20, 2025
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of... High Unreviewed
CVE-2024-12703 was published Jan 17, 2025
Microsoft Excel Security Feature Bypass Vulnerability High Unreviewed
CVE-2025-21364 was published Jan 14, 2025
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and... High Unreviewed
CVE-2024-13163 was published Jan 14, 2025
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin... High Unreviewed
CVE-2024-12627 was published Jan 11, 2025
Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus... High Unreviewed
CVE-2025-22510 was published Jan 9, 2025
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload... High Unreviewed
CVE-2022-45185 was published Jan 7, 2025
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an... High Unreviewed
CVE-2024-55555 was published Jan 7, 2025
Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object... High Unreviewed
CVE-2024-56291 was published Jan 7, 2025
Deserialization of Untrusted Data vulnerability in plainware.com Locatoraid Store Locator allows... High Unreviewed
CVE-2024-56283 was published Jan 7, 2025
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection... High Unreviewed
CVE-2024-12313 was published Jan 7, 2025
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-11465 was published Jan 7, 2025
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial... High Unreviewed
CVE-2024-20150 was published Jan 6, 2025
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-10957 was published Jan 4, 2025
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2024-10932 was published Jan 4, 2025
Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP... High Unreviewed
CVE-2024-56068 was published Dec 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database