Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,270 advisories

Loading
carbon-apimgt does not properly restrict uploaded files Critical
CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2026-1405 was published Feb 19, 2026
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2026-1306 was published Feb 14, 2026
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple... Critical Unreviewed
CVE-2026-1358 was published Feb 13, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing... Critical Unreviewed
CVE-2025-14014 was published Feb 12, 2026
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2026-1357 was published Feb 11, 2026
n8n Merge Node has Arbitrary File Write leading to RCE Critical
CVE-2026-25056 was published for n8n (npm) Feb 4, 2026
nlgbao1340
Credited to nlgbao1340
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to... Critical Unreviewed
CVE-2025-61506 was published Feb 3, 2026
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor Critical
CVE-2026-25510 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026
Far-Horizons
Credited to Far-Horizons
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without... Critical Unreviewed
CVE-2026-25200 was published Feb 2, 2026
An unrestricted upload of file with dangerous type vulnerability in the file upload function of... Critical Unreviewed
CVE-2026-24729 was published Jan 30, 2026
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download... Critical Unreviewed
CVE-2025-57795 was published Jan 28, 2026
Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload... Critical Unreviewed
CVE-2025-57794 was published Jan 28, 2026
code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. Critical Unreviewed
CVE-2025-69559 was published Jan 27, 2026
code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. Critical Unreviewed
CVE-2025-69565 was published Jan 27, 2026
Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability... Critical Unreviewed
CVE-2026-24815 was published Jan 27, 2026
The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-13374 was published Jan 24, 2026
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818... Critical Unreviewed
CVE-2025-69828 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro... Critical Unreviewed
CVE-2025-69312 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic... Critical Unreviewed
CVE-2025-68909 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee... Critical Unreviewed
CVE-2025-68910 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows... Critical Unreviewed
CVE-2025-68986 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl... Critical Unreviewed
CVE-2025-68001 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM... Critical Unreviewed
CVE-2025-67968 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows... Critical Unreviewed
CVE-2025-50002 was published Jan 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database