Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

512 advisories

Loading
Insecure Deserialization in TYPO3 CMS High
GHSA-8h28-f46f-m87h was published for typo3/cms (Composer) Jun 5, 2024
Skops unsafe deserialization High
CVE-2024-37065 was published for skops (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37057 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37060 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37058 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37059 was published for mlflow (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37064 was published for ydata-profiling (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37062 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37052 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37054 was published for mlflow (pip) Jun 4, 2024
litios
MLFlow unsafe deserialization High
CVE-2024-37053 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37056 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37055 was published for mlflow (pip) Jun 4, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Insecure Deserialization High
GHSA-96jg-pmc4-cx39 was published for typo3/cms-core (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer) May 30, 2024
Laravel Cookie serialization vulnerability High
GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) May 15, 2024
Laravel Cookie serialization vulnerability High
GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) May 15, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability High
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
image-optimizer allows PHAR deserialization High
CVE-2024-34515 was published for spatie/image-optimizer (Composer) May 5, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr dennisenderink
Transformers Deserialization of Untrusted Data vulnerability Low
CVE-2024-3568 was published for transformers (pip) Apr 10, 2024
RDoc RCE vulnerability with .rdoc_options Moderate
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database