GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,220 advisories
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2025-12966
was published
Dec 6, 2025
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions...
High
Unreviewed
CVE-2025-13065
was published
Dec 6, 2025
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical
Unreviewed
CVE-2025-12673
was published
Dec 6, 2025
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command...
High
Unreviewed
CVE-2020-36882
was published
Dec 5, 2025
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2025-12153
was published
Dec 5, 2025
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High
Unreviewed
CVE-2025-12181
was published
Dec 5, 2025
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File...
Moderate
Unreviewed
CVE-2025-12163
was published
Dec 5, 2025
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High
Unreviewed
CVE-2025-12154
was published
Dec 5, 2025
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all...
High
Unreviewed
CVE-2025-13066
was published
Dec 5, 2025
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect...
High
Unreviewed
CVE-2025-13543
was published
Dec 4, 2025
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2025-13646
was published
Dec 3, 2025
GrapesJsBuilder File Upload allows all file uploads
High
CVE-2025-13827
was published
for
mautic/grapes-js-builder-bundle
(Composer)
Dec 2, 2025
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ...
High
Unreviewed
CVE-2025-65844
was published
Dec 2, 2025
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of...
High
Unreviewed
CVE-2025-13516
was published
Dec 2, 2025
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Moderate
Unreviewed
CVE-2025-51736
was published
Nov 28, 2025
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2025-13536
was published
Nov 27, 2025
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni...
Critical
Unreviewed
CVE-2025-66255
was published
Nov 26, 2025
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S...
Critical
Unreviewed
CVE-2025-66250
was published
Nov 26, 2025
Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S...
Critical
Unreviewed
CVE-2025-66256
was published
Nov 26, 2025
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2025-13595
was published
Nov 26, 2025
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2025-13597
was published
Nov 26, 2025
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High
Unreviewed
CVE-2025-13376
was published
Nov 25, 2025
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi...
Critical
Unreviewed
CVE-2023-7330
was published
Nov 24, 2025
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This...
Moderate
Unreviewed
CVE-2025-13573
was published
Nov 24, 2025
A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the...
Moderate
Unreviewed
CVE-2025-13574
was published
Nov 24, 2025