Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,418 advisories

Loading
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated... High Unreviewed
CVE-2018-25158 was published Feb 21, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons... Unknown Unreviewed
CVE-2025-69403 was published Feb 20, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard... Unknown Unreviewed
CVE-2025-68549 was published Feb 20, 2026
carbon-apimgt does not properly restrict uploaded files Critical
CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some... Moderate Unreviewed
CVE-2026-2164 was published Feb 8, 2026
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2026-1405 was published Feb 19, 2026
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12500 was published Feb 19, 2026
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote... High Unreviewed
CVE-2025-70151 was published Feb 18, 2026
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary... High Unreviewed
CVE-2025-13689 was published Feb 18, 2026
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload... Low Unreviewed
CVE-2025-36183 was published Feb 18, 2026
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple... Critical Unreviewed
CVE-2026-1358 was published Feb 13, 2026
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the... Moderate Unreviewed
CVE-2026-2146 was published Feb 8, 2026
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files.... High Unreviewed
CVE-2024-7694 was published Aug 12, 2024
Remote Code Execution by uploading a phar file using frontmatter High
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122 sunnypatell
Credited to Universe1122 and sunnypatell
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2026-1306 was published Feb 14, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18... Moderate Unreviewed
CVE-2026-1458 was published Feb 11, 2026
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and... High Unreviewed
CVE-2024-50620 was published Feb 11, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing... Critical Unreviewed
CVE-2025-14014 was published Feb 12, 2026
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing... Moderate Unreviewed
CVE-2025-69618 was published Feb 4, 2026
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2026-1357 was published Feb 11, 2026
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin... High Unreviewed
CVE-2020-37084 was published Feb 4, 2026
FUXA contains an Unrestricted File Upload vulnerability High
CVE-2025-69981 was published for fuxa-server (npm) Feb 3, 2026
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing... High Unreviewed
CVE-2026-2097 was published Feb 10, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies... High Unreviewed
CVE-2025-10465 was published Feb 9, 2026
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted... Moderate Unreviewed
CVE-2026-1152 was published Jan 19, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database