GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,204 advisories
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
High
CVE-2025-27511 was published for org.geoserver.extension:gs-db2 (Maven) on Jun 11, 2026
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing...
High
Unreviewed
CVE-2026-41699 was published on Jun 11, 2026
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform...
High
Unreviewed
CVE-2026-20251 was published on Jun 10, 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have...
High
Unreviewed
CVE-2026-53435 was published on Jun 10, 2026
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in...
High
Unreviewed
CVE-2026-10721 was published on Jun 10, 2026
JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check,...
High
Unreviewed
CVE-2026-41732 was published on Jun 10, 2026
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
High
CVE-2026-41731 was published for org.springframework.kafka:spring-kafka (Maven) on Jun 10, 2026
An attacker with write permissions to the database table managed by...
High
Unreviewed
CVE-2026-40993 was published on Jun 10, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-45484 was published on Jun 9, 2026
The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code...
High
Unreviewed
CVE-2026-8365 was published on Jun 9, 2026
In an untrusted JMS environment, org.springframework.jms.support.converter...
High
Unreviewed
CVE-2026-41855 was published on Jun 9, 2026
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote...
High
Unreviewed
CVE-2026-7654 was published on Jun 6, 2026
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization...
High
Unreviewed
CVE-2026-25551 was published on Jun 4, 2026
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the...
High
Unreviewed
CVE-2026-7888 was published on Jun 3, 2026
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
High
CVE-2026-42211 was published for react-router (npm) on Jun 3, 2026
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization...
High
Unreviewed
CVE-2026-24221 was published on Jun 2, 2026
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization...
High
Unreviewed
CVE-2026-24237 was published on Jun 2, 2026
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...
High
Unreviewed
CVE-2026-39555 was published on Jun 2, 2026
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection...
High
Unreviewed
CVE-2026-39550 was published on Jun 2, 2026
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. ...
High
Unreviewed
CVE-2026-39551 was published on Jun 2, 2026
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user...
High
Unreviewed
CVE-2026-9330 was published on Jun 1, 2026
An issue in ESA AnomalyMatch before 1.3.1 allows attackers to execute arbitrary code via crafted...
High
Unreviewed
CVE-2026-38950 was published on Jun 1, 2026
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference...
High
Unreviewed
CVE-2026-45360 was published on Jun 1, 2026
A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an...
High
Unreviewed
CVE-2026-42359 was published on Jun 1, 2026
The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP...
High
Unreviewed
CVE-2025-11993 was published on May 29, 2026