GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,373 advisories
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable...
High | Unreviewed | CVE-2026-0911 was published Jan 24, 2026

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that...
High | Unreviewed | CVE-2021-47904 was published Jan 23, 2026

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability...
High | Unreviewed | CVE-2021-47888 was published Jan 23, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade...
High | Unreviewed | CVE-2025-10856 was published Jan 22, 2026

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the...
High | Unreviewed | CVE-2025-33015 was published Jan 20, 2026

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload...
High | Unreviewed | CVE-2026-1222 was published Jan 20, 2026

Livewire Filemanager does not restrict uploaded file types
High | CVE-2025-14894 was published for livewire-filemanager/filemanager (Composer) Jan 16, 2026

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all...
High | Unreviewed | CVE-2025-12957 was published Jan 16, 2026

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows...
High | Unreviewed | CVE-2021-47788 was published Jan 16, 2026

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution...
High | Unreviewed | CVE-2021-47757 was published Jan 15, 2026

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution...
High | Unreviewed | CVE-2021-47758 was published Jan 15, 2026

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all...
High | Unreviewed | CVE-2025-13062 was published Jan 15, 2026

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows...
High | Unreviewed | CVE-2022-50936 was published Jan 14, 2026

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated...
High | Unreviewed | CVE-2022-50916 was published Jan 14, 2026

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated...
High | Unreviewed | CVE-2022-50907 was published Jan 14, 2026

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution...
High | Unreviewed | CVE-2022-50898 was published Jan 14, 2026

Arbitrary file upload vulnerability exists in the web-based management interface of mobility...
High | Unreviewed | CVE-2025-37175 was published Jan 13, 2026

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
High | CVE-2026-22786 was published for github.com/flipped-aurora/gin-vue-admin (Go) Jan 13, 2026

An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the...
High | Unreviewed | CVE-2025-46068 was published Jan 12, 2026

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper...
High | Unreviewed | CVE-2025-15158 was published Jan 7, 2026

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload...
High | Unreviewed | CVE-2025-15240 was published Jan 5, 2026

CWE-434 Unrestricted Upload of File with Dangerous Type
High | Unreviewed | CVE-2025-55061 was published Dec 29, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload...
High | Unreviewed | CVE-2025-15067 was published Dec 29, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
High | Unreviewed | CVE-2025-2155 was published Dec 24, 2025

Cadmium CMS has a background arbitrary file upload vulnerability
High | CVE-2025-51511 was published for cadmium-org/cadmium-cms (Composer) Dec 23, 2025
ProTip! Advisories are also available from the GraphQL API.