GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,499 advisories
The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
High
Unreviewed
CVE-2025-4317 was published May 13, 2025
The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with...
High
Unreviewed
CVE-2025-4561 was published May 12, 2025
The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary...
Critical
Unreviewed
CVE-2025-4556 was published May 12, 2025
SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via...
Critical
Unreviewed
CVE-2025-46193 was published May 9, 2025
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2025-4403 was published May 9, 2025
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is...
High
Unreviewed
CVE-2025-3455 was published May 9, 2025
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been...
Moderate
Unreviewed
CVE-2025-4468 was published May 9, 2025
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2024-11617 was published May 9, 2025
Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.
Critical
Unreviewed
CVE-2023-31585 was published May 8, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload...
Moderate
Unreviewed
CVE-2025-47550 was published May 7, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a...
Critical
Unreviewed
CVE-2025-47549 was published May 7, 2025
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated...
Critical
Unreviewed
CVE-2025-40625 was published May 6, 2025
A vulnerability classified as critical has been found in itsourcecode Content Management System 1...
Moderate
Unreviewed
CVE-2025-4310 was published May 6, 2025
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2025-4279 was published May 5, 2025
Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted File Upload. The...
Moderate
Unreviewed
CVE-2025-28168 was published May 5, 2025
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a...
High
Unreviewed
CVE-2024-13418 was published May 2, 2025
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript...
Moderate
Unreviewed
CVE-2024-11390 was published May 1, 2025
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software...
Moderate
Unreviewed
CVE-2025-25016 was published May 1, 2025
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and...
Moderate
Unreviewed
CVE-2022-27562 was published Apr 30, 2025
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and...
Moderate
Unreviewed
CVE-2022-42449 was published Apr 30, 2025
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated...
Moderate
Unreviewed
CVE-2025-3969 was published Apr 27, 2025
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due...
High
Unreviewed
CVE-2025-3914 was published Apr 26, 2025
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE)...
Critical
Unreviewed
CVE-2025-46616 was published Apr 25, 2025
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in...
Moderate
Unreviewed
CVE-2022-44760 was published Apr 24, 2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization,...
Critical
Unreviewed
CVE-2025-31324 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API.