GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,147 advisories
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP...
High | Unreviewed | CVE-2026-37552 was published May 1, 2026

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client ...
High | Unreviewed | CVE-2026-42471 was published May 1, 2026

The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically...
High | Unreviewed | CVE-2026-7584 was published May 1, 2026

PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
High | CVE-2026-34084 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026

NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization...
High | Unreviewed | CVE-2026-24186 was published Apr 28, 2026

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes...
High | Unreviewed | CVE-2026-40858 was published Apr 27, 2026

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer...
High | Unreviewed | CVE-2026-40473 was published Apr 27, 2026

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files...
High | Unreviewed | CVE-2026-40048 was published Apr 27, 2026

k8sGPT has Prompt Injection through its k8sGPT-Operator
High | GHSA-rp7v-4384-hfrp was published for github.com/k8sgpt-ai/k8sgpt (Go) Apr 24, 2026

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
High | CVE-2026-41486 was published for ray (pip) Apr 24, 2026

camel-infinispan Vulnerable to Deserialization of Untrusted Data
High | CVE-2026-6857 was published for org.apache.camel:camel-infinispan (Maven) Apr 22, 2026

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control...
High | Unreviewed | CVE-2026-6023 was published Apr 22, 2026

OpenMage LTS: Phar Deserialization leads to Remote Code Execution
High | CVE-2026-25524 was published for openmage/magento-lts (Composer) Apr 21, 2026

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider...
High | Unreviewed | CVE-2026-39467 was published Apr 21, 2026

Apache Airflow allows code execution through crafted XCom payloads
High | CVE-2026-25917 was published for apache-airflow-core (pip) Apr 18, 2026

Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an...
High | Unreviewed | CVE-2026-32184 was published Apr 14, 2026

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate...
High | Unreviewed | CVE-2026-32192 was published Apr 14, 2026

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for...
High | Unreviewed | CVE-2026-3017 was published Apr 14, 2026

Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
High | CVE-2026-33858 was published for apache-airflow (pip) Apr 13, 2026

Keras has an untrusted deserialization vulnerability
High | CVE-2026-1462 was published for keras (pip) Apr 13, 2026

Apache Storm: Deserialization of Untrusted Data vulnerability
High | CVE-2026-35337 was published for org.apache.storm:storm-client (Maven) Apr 13, 2026

React Server Components have a Denial of Service Vulnerability
High | CVE-2026-23869 was published for react-server-dom-parcel (npm) Apr 10, 2026

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The...
High | Unreviewed | CVE-2026-32590 was published Apr 8, 2026

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute...
High | Unreviewed | CVE-2026-3357 was published Apr 8, 2026

MONAI: Unsafe functions lead to pickle deserialization rce
High | GHSA-89gg-p5r5-q6r4 was published for monai (pip) Apr 7, 2026