Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Remote Code Execution in Laravel Critical
CVE-2021-43503 was published for laravel/laravel (Composer) Apr 9, 2022 withdrawn
mir-hossein
ThinkPHP deserialization vulnerability Critical
CVE-2022-38352 was published for topthink/framework (Composer) Sep 16, 2022
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2022-33107 was published for topthink/framework (Composer) Jun 30, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-23592 was published for topthink/framework (Composer) May 7, 2022
Deserialization of Untrusted Data in NukeViet Critical
CVE-2019-7725 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Fixes a bug in Zend Framework's Stream HTTP Wrapper Critical
CVE-2021-21426 was published for openmage/magento-lts (Composer) Apr 22, 2021
Insecure Deserialization of untrusted data in rmccue/requests Critical
CVE-2021-29476 was published for rmccue/requests (Composer) Apr 29, 2021
xknown whyisjake
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36567 was published for topthink/framework (Composer) Dec 7, 2021
jhutchings1
Deserialization of Untrusted Data in thinkphp Critical
CVE-2022-45982 was published for topthink/think (Composer) Feb 8, 2023
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
psmoros nightfury99
Spoon Library as used in Fork CMS allows PHP object injection Critical
CVE-2019-15521 was published for spoon/library (Composer) May 24, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36564 was published for topthink/framework (Composer) Dec 10, 2021
Joomla! Object Injection Vulnerability Critical
CVE-2019-7743 was published for joomla/joomla-cms (Composer) May 13, 2022
Laravel Framework Deserialization Vulnerability Critical
CVE-2019-9081 was published for laravel/framework (Composer) May 14, 2022
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
catferq
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Deserialization of Untrusted Data in codeception/codeception Critical
CVE-2021-23420 was published for codeception/codeception (Composer) Sep 1, 2021
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
TCPDF vulnerable to attackers triggering deserialization of arbitrary data Critical
CVE-2018-17057 was published for fooman/tcpdf (Composer) Oct 6, 2022
PharStreamWrapper for Typo3 unsafe deserialization vulnerability Critical
CVE-2019-11830 was published for typo3/phar-stream-wrapper (Composer) May 24, 2022
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
Object injection in PHPMailer/PHPMailer Critical
CVE-2020-36326 was published for phpmailer/phpmailer (Composer) May 4, 2021
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database