Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,373 advisories

Loading
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated... High Unreviewed
CVE-2018-25158 was published Feb 21, 2026
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote... High Unreviewed
CVE-2025-70151 was published Feb 18, 2026
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary... High Unreviewed
CVE-2025-13689 was published Feb 18, 2026
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and... High Unreviewed
CVE-2024-50620 was published Feb 11, 2026
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing... High Unreviewed
CVE-2026-2097 was published Feb 10, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies... High Unreviewed
CVE-2025-10465 was published Feb 9, 2026
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin.... High Unreviewed
CVE-2025-69906 was published Feb 5, 2026
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that... High Unreviewed
CVE-2020-37117 was published Feb 5, 2026
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an... High Unreviewed
CVE-2026-20098 was published Feb 4, 2026
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect... High Unreviewed
CVE-2026-1756 was published Feb 4, 2026
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin... High Unreviewed
CVE-2020-37084 was published Feb 4, 2026
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary... High Unreviewed
CVE-2020-37090 was published Feb 4, 2026
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to... High Unreviewed
CVE-2020-37073 was published Feb 4, 2026
FUXA contains an Unrestricted File Upload vulnerability High
CVE-2025-69981 was published for fuxa-server (npm) Feb 3, 2026
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows... High Unreviewed
CVE-2025-65875 was published Feb 3, 2026
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when... High Unreviewed
CVE-2020-37113 was published Feb 3, 2026
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect... High Unreviewed
CVE-2026-1730 was published Feb 3, 2026
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all... High Unreviewed
CVE-2026-1065 was published Feb 3, 2026
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege... High Unreviewed
CVE-2026-25201 was published Feb 2, 2026
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to... High Unreviewed
CVE-2020-37023 was published Jan 31, 2026
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that... High Unreviewed
CVE-2020-37009 was published Jan 29, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload High
CVE-2026-24769 was published for nocodb (npm) Jan 28, 2026
p-
Credited to p-
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2020-36973 was published Jan 28, 2026
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2026-1400 was published Jan 28, 2026
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload... High Unreviewed
CVE-2020-36942 was published Jan 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database