GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
272 advisories
Laravel Redis Horizontal Scaling Insecure Deserialization
Critical
CVE-2026-23524
was published
for
laravel/reverb
(Composer)
Jan 21, 2026
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical
CVE-2025-68924
was published
for
UmbracoForms
(NuGet)
Jan 13, 2026
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Critical
CVE-2025-68664
was published
for
langchain-core
(pip)
Dec 23, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Critical
CVE-2025-49113
was published
for
roundcube/roundcubemail
(Composer)
Jun 2, 2025
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Critical
GHSA-vr6p-vq2p-6j74
was published
for
likec4
(npm)
Dec 15, 2025
•
withdrawn
Next.js is vulnerable to RCE in React flight protocol
Critical
GHSA-9qr9-h5gf-34mp
was published
for
next
(npm)
Dec 3, 2025
React Server Components are Vulnerable to RCE
Critical
CVE-2025-55182
was published
for
react-server-dom-parcel
(npm)
Dec 3, 2025
Apache IoTDB: Deserialization of untrusted Data
Critical
CVE-2025-48459
was published
for
org.apache.iotdb:iotdb-confignode
(Maven)
Sep 24, 2025
Apache ActiveMQ is vulnerable to Remote Code Execution
Critical
CVE-2023-46604
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 27, 2023
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Critical
CVE-2025-24813
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 10, 2025
Wazuh server vulnerable to remote code execution
Critical
CVE-2025-24016
was published
for
github.com/wazuh/wazuh
(Go)
Apr 22, 2025
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Incomplete fix for Apache Log4j vulnerability
Critical
CVE-2021-45046
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 14, 2021
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal.kernel
(Maven)
May 24, 2022
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
Critical
CVE-2025-62515
was published
for
pyquokka
(pip)
Oct 17, 2025
ProTip!
Advisories are also available from the
GraphQL API