GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,553 advisories
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
High. CVE-2025-27511 was published for org.geoserver.extension:gs-db2 (Maven), Jun 11, 2026

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing...
High, Unreviewed. CVE-2026-41699 was published Jun 11, 2026

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform...
High, Unreviewed. CVE-2026-20251 was published Jun 10, 2026

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have...
High, Unreviewed. CVE-2026-53435 was published Jun 10, 2026

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in...
High, Unreviewed. CVE-2026-10721 was published Jun 10, 2026

An attacker who intercepts and tampers with traffic between the client application and the API...
Moderate, Unreviewed. CVE-2026-11815 was published Jun 10, 2026

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against...
High, Unreviewed. CVE-2026-41731 was published Jun 10, 2026

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check,...
High, Unreviewed. CVE-2026-41732 was published Jun 10, 2026

An attacker with write permissions to the database table managed by...
High, Unreviewed. CVE-2026-40993 was published Jun 10, 2026

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated...
Critical, Unreviewed. CVE-2026-44963 was published Jun 10, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
Moderate, Unreviewed. CVE-2026-48560 was published Jun 9, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High, Unreviewed. CVE-2026-45484 was published Jun 9, 2026

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to...
Critical, Unreviewed. CVE-2026-26142 was published Jun 9, 2026

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code...
High, Unreviewed. CVE-2026-8365 was published Jun 9, 2026

In an untrusted JMS environment, org.springframework.jms.support.converter...
High, Unreviewed. CVE-2026-41855 was published Jun 9, 2026

PHPSpreadsheet has a patch bypass for CVE-2026-34084
Critical. CVE-2026-45034 was published for phpoffice/phpspreadsheet (Composer), Jun 8, 2026

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object...
Moderate, Unreviewed. CVE-2026-7566 was published Jun 6, 2026

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote...
High, Unreviewed. CVE-2026-7654 was published Jun 6, 2026

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization...
High, Unreviewed. CVE-2026-25551 was published Jun 4, 2026

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java...
Critical, Unreviewed. CVE-2026-50076 was published Jun 4, 2026

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the...
High, Unreviewed. CVE-2026-7888 was published Jun 3, 2026

React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
High. CVE-2026-42211 was published for react-router (npm), Jun 3, 2026

AIOHTTP is Vulnerable to Deserialization of Untrusted Data
Moderate. CVE-2026-34993 was published for aiohttp (pip), Jun 3, 2026

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect...
Critical, Unreviewed. CVE-2026-47065 was published Jun 3, 2026

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization...
High, Unreviewed. CVE-2026-24221 was published Jun 2, 2026