
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,037 advisories

Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer) High
CVE-2025-66631 was published for Csla (NuGet) Dec 8, 2025
Credited to rockfordlhotka and Outurnate
React Server Components are Vulnerable to RCE Critical
GHSA-fmh4-wr37-44fp was published for @vitejs/plugin-rsc (npm) Dec 3, 2025
React Server Components are Vulnerable to RCE Critical
CVE-2025-55182 was published for react-server-dom-parcel (npm) Dec 3, 2025
Credited to lachlan2k, PiotrBorowski, nozo-moto, leogasparini, mtorp, mnahkies, mswilson, and AsapHogFtw
Next.js is vulnerable to RCE in React flight protocol Critical
GHSA-9qr9-h5gf-34mp was published for next (npm) Dec 3, 2025
Credited to lachlan2k, bytera, larskaare, mswilson, conorfitch, and tockn
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material... Critical Unreviewed
CVE-2025-51742 was published Nov 25, 2025
An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute... Critical Unreviewed
CVE-2025-61168 was published Nov 25, 2025
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer High
CVE-2025-62703 was published for fugue (pip) Nov 25, 2025
Chenpinji
Credited to Chenpinji
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization Moderate
CVE-2025-13467 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 25, 2025
Microsoft SharePoint Online Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59245 was published Nov 21, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, and ywang96
Apache Causeway vulnerable to deserialization in Java Critical
CVE-2025-64408 was published for org.apache.causeway.commons:causeway-commons (Maven) Nov 19, 2025