Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

2,426 advisories

Loading
k8sGPT has Prompt Injection through its k8sGPT-Operator High
GHSA-rp7v-4384-hfrp was published for github.com/k8sgpt-ai/k8sgpt (Go) Apr 24, 2026
haruki3hhh Credited to haruki3hhh
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization High
CVE-2026-41486 was published for ray (pip) Apr 24, 2026
shakevsky Credited to shakevsky
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This... Moderate Unreviewed
CVE-2025-62233 was published Apr 24, 2026
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve... Critical Unreviewed
CVE-2026-26210 was published Apr 24, 2026
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute... Critical Unreviewed
CVE-2026-33819 was published Apr 24, 2026
LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where... Critical Unreviewed
CVE-2026-25874 was published Apr 23, 2026
Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer Critical
CVE-2025-62373 was published for pipecat-ai (pip) Apr 23, 2026
Chenpinji Credited to Chenpinji
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the... High Unreviewed
CVE-2026-6857 was published Apr 22, 2026
In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control... High Unreviewed
CVE-2026-6023 was published Apr 22, 2026
OpenMage LTS: Phar Deserialization leads to Remote Code Execution High
CVE-2026-25524 was published for openmage/magento-lts (Composer) Apr 21, 2026
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider... High Unreviewed
CVE-2026-39467 was published Apr 21, 2026
Apache Airflow allows code execution through crafted XCom payloads Critical
CVE-2026-25917 was published for apache-airflow-core (pip) Apr 18, 2026
Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32... Critical Unreviewed
CVE-2025-15610 was published Apr 15, 2026
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted... Critical Unreviewed
CVE-2026-34615 was published Apr 14, 2026
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an... High Unreviewed
CVE-2026-32184 was published Apr 14, 2026
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate... High Unreviewed
CVE-2026-32192 was published Apr 14, 2026
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted... Critical Unreviewed
CVE-2026-27303 was published Apr 14, 2026
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for... High Unreviewed
CVE-2026-3017 was published Apr 14, 2026
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to... Critical Unreviewed
CVE-2026-40044 was published Apr 13, 2026
Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API High
CVE-2026-33858 was published for apache-airflow (pip) Apr 13, 2026
Keras has an untrusted deserialization vulnerability High
CVE-2026-1462 was published for keras (pip) Apr 13, 2026
Apache Storm: Deserialization of Untrusted Data vulnerability High
CVE-2026-35337 was published for org.apache.storm:storm-client (Maven) Apr 13, 2026
Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script... Moderate Unreviewed
CVE-2026-25204 was published Apr 13, 2026
React Server Components have a Denial of Service Vulnerability High
CVE-2026-23869 was published for react-server-dom-parcel (npm) Apr 10, 2026
When restoring a session from cache, a pointer from the serialized session data is used in a free... Moderate Unreviewed
CVE-2026-5507 was published Apr 10, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database