GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 40; GitHub Actions 41; Go 3,003; Maven 5,000+; npm 4,732; NuGet 788; pip 4,341; Pub 12; RubyGems 987; Rust 1,137; Swift 50
Unreviewed advisories: All unreviewed 5,000+
3,418 advisories
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated...
High | Unreviewed | CVE-2018-25158 was published Feb 21, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons...
Unknown | Unreviewed | CVE-2025-69403 was published Feb 20, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard...
Unknown | Unreviewed | CVE-2025-68549 was published Feb 20, 2026

carbon-apimgt does not properly restrict uploaded files
Critical | CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026

The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical | Unreviewed | CVE-2026-1405 was published Feb 19, 2026

The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-12500 was published Feb 19, 2026

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote...
High | Unreviewed | CVE-2025-70151 was published Feb 18, 2026

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary...
High | Unreviewed | CVE-2025-13689 was published Feb 18, 2026

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload...
Low | Unreviewed | CVE-2025-36183 was published Feb 18, 2026

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical | Unreviewed | CVE-2026-1306 was published Feb 14, 2026

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple...
Critical | Unreviewed | CVE-2026-1358 was published Feb 13, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing...
Critical | Unreviewed | CVE-2025-14014 was published Feb 12, 2026

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and...
High | Unreviewed | CVE-2024-50620 was published Feb 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18...
Moderate | Unreviewed | CVE-2026-1458 was published Feb 11, 2026

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2026-1357 was published Feb 11, 2026

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing...
High | Unreviewed | CVE-2026-2097 was published Feb 10, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies...
High | Unreviewed | CVE-2025-10465 was published Feb 9, 2026

A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some...
Moderate | Unreviewed | CVE-2026-2164 was published Feb 8, 2026

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the...
Moderate | Unreviewed | CVE-2026-2146 was published Feb 8, 2026

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin....
High | Unreviewed | CVE-2025-69906 was published Feb 5, 2026

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that...
High | Unreviewed | CVE-2020-37117 was published Feb 5, 2026

n8n Merge Node has Arbitrary File Write leading to RCE
Critical | CVE-2026-25056 was published for n8n (npm) Feb 4, 2026

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an...
High | Unreviewed | CVE-2026-20098 was published Feb 4, 2026

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing...
Moderate | Unreviewed | CVE-2025-69618 was published Feb 4, 2026

A non-administrative user can upload malicious files. When an administrator or the product...
Moderate | Unreviewed | CVE-2026-23704 was published Feb 4, 2026

ProTip! Advisories are also available from the GraphQL API.