Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,230 advisories

Loading
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers... High Unreviewed
CVE-2024-58281 was published Dec 11, 2025
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2024-58283 was published Dec 11, 2025
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2024-58282 was published Dec 11, 2025
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows... High Unreviewed
CVE-2024-58279 was published Dec 11, 2025
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2020-36897 was published Dec 10, 2025
The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <=... High Unreviewed
CVE-2025-14390 was published Dec 10, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload... Critical Unreviewed
CVE-2025-61808 was published Dec 10, 2025
LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the... High Unreviewed
CVE-2025-56704 was published Dec 9, 2025
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12966 was published Dec 6, 2025
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions... High Unreviewed
CVE-2025-13065 was published Dec 6, 2025
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-12673 was published Dec 6, 2025
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command... High Unreviewed
CVE-2020-36882 was published Dec 5, 2025
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12153 was published Dec 5, 2025
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12181 was published Dec 5, 2025
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12154 was published Dec 5, 2025
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2025-12163 was published Dec 5, 2025
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all... High Unreviewed
CVE-2025-13066 was published Dec 5, 2025
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect... High Unreviewed
CVE-2025-13543 was published Dec 4, 2025
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An... High Unreviewed
CVE-2025-65806 was published Dec 4, 2025
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13646 was published Dec 3, 2025
GrapesJsBuilder File Upload allows all file uploads High
CVE-2025-13827 was published for mautic/grapes-js-builder-bundle (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ... High Unreviewed
CVE-2025-65844 was published Dec 2, 2025
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of... High Unreviewed
CVE-2025-13516 was published Dec 2, 2025
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. Moderate Unreviewed
CVE-2025-51736 was published Nov 28, 2025
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13536 was published Nov 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database