GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,743 advisories
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload...
Moderate | Unreviewed | CVE-2025-47550 was published May 7, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a...
Critical | Unreviewed | CVE-2025-47549 was published May 7, 2025
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated...
Critical | Unreviewed | CVE-2025-40625 was published May 6, 2025
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-4279 was published May 5, 2025
Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted File Upload. The...
Moderate | Unreviewed | CVE-2025-28168 was published May 5, 2025
October CMS Allows Unprotected SVG Rename in Media Manager
Low | CVE-2024-51991 was published for october/october (Composer) May 5, 2025
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a...
High | Unreviewed | CVE-2024-13418 was published May 2, 2025
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software...
Moderate | Unreviewed | CVE-2025-25016 was published May 1, 2025
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript...
Moderate | Unreviewed | CVE-2024-11390 was published May 1, 2025
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and...
Moderate | Unreviewed | CVE-2022-27562 was published Apr 30, 2025
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and...
Moderate | Unreviewed | CVE-2022-42449 was published Apr 30, 2025
ShowDoc unrestricted file upload vulnerability
Critical | CVE-2025-0520 was published for showdoc/showdoc (Composer) Apr 29, 2025
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated...
Moderate | Unreviewed | CVE-2025-3969 was published Apr 27, 2025
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due...
High | Unreviewed | CVE-2025-3914 was published Apr 26, 2025
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE)...
Critical | Unreviewed | CVE-2025-46616 was published Apr 25, 2025
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in...
Moderate | Unreviewed | CVE-2022-44760 was published Apr 24, 2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization,...
Critical | Unreviewed | CVE-2025-31324 was published Apr 24, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress...
Critical | Unreviewed | CVE-2025-46264 was published Apr 24, 2025
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with...
Critical | Unreviewed | CVE-2025-43946 was published Apr 22, 2025
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-3616 was published Apr 22, 2025
MCMS allows arbitrary file uploads in the ueditor component
Critical | CVE-2025-29287 was published for net.mingsoft:ms-mcms (Maven) Apr 21, 2025
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical....
Moderate | Unreviewed | CVE-2025-3830 was published Apr 20, 2025
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2021-4455 was published Apr 19, 2025
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
Critical | Unreviewed | CVE-2025-1093 was published Apr 19, 2025
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
High | GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
ProTip! Advisories are also available from the GraphQL API.