GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
Laravel Cookie serialization vulnerability
High
GHSA-6jvx-8ch9-j2jr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-2867-6rrm-38gr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
timber/timber vulnerable to Deserialization of Untrusted Data
High
CVE-2024-29800
was published
for
timber/timber
(Composer)
Apr 12, 2024
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Moderate
CVE-2024-28861
was published
for
friendsofsymfony1/symfony1
(Composer)
Mar 22, 2024
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Moderate
CVE-2024-28859
was published
for
friendsofsymfony1/swiftmailer
(Composer)
Mar 18, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical
GHSA-97m3-52wr-xvv2
was published
for
phenx/php-svg-lib
(Composer)
Feb 22, 2024
php-svg-lib lacks path validation on font through SVG inline styles
Moderate
CVE-2024-25117
was published
for
phenx/php-svg-lib
(Composer)
Feb 21, 2024
Deserialization of Untrusted Data in Torrentpier
Critical
CVE-2024-1651
was published
for
torrentpier/torrentpier
(Composer)
Feb 20, 2024
PHPEMS Deserialization of Untrusted Data vulnerability
Moderate
CVE-2023-6654
was published
for
phpems/phpems
(Composer)
Dec 10, 2023
yiisoft/yii deserializing untrusted user input can lead to remote code execution
High
CVE-2023-47130
was published
for
yiisoft/yii
(Composer)
Nov 14, 2023
Snappy PHAR deserialization vulnerability
Critical
CVE-2023-41330
was published
for
knplabs/knp-snappy
(Composer)
Sep 8, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Critical
CVE-2023-36825
was published
for
orchid/platform
(Composer)
Jul 11, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Deserialization of Untrusted Data in thinkphp
Critical
CVE-2022-45982
was published
for
topthink/think
(Composer)
Feb 8, 2023
Prevent RCE when deserializing untrusted user input
High
CVE-2022-41922
was published
for
yiisoft/yii
(Composer)
Nov 21, 2022
Deserialization of Untrusted Data in librenms/librenms
High
CVE-2022-3525
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data
High
CVE-2022-39297
was published
for
melisplatform/melis-cms
(Composer)
Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data
High
CVE-2022-39298
was published
for
melisplatform/melis-front
(Composer)
Oct 11, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical
CVE-2018-17057
was published
for
fooman/tcpdf
(Composer)
Oct 6, 2022
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2022-33107
was published
for
topthink/framework
(Composer)
Jun 30, 2022
Unserialized Pop Chain in Laravel
Critical
CVE-2022-31279
was published
for
laravel/laravel
(Composer)
Jun 8, 2022
•
withdrawn
Typo3 Vulnerable to Insecure Deserialization
High
CVE-2019-12747
was published
for
typo3/cms
(Composer)
May 24, 2022
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Subrion CMS PHP Object Injection
Moderate
CVE-2020-12469
was published
for
intelliants/subrion
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API