Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

979 advisories

Loading
The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due... Critical Unreviewed
CVE-2025-3917 was published May 15, 2025
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated... Critical Unreviewed
CVE-2025-40625 was published May 6, 2025
The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug... Critical Unreviewed
CVE-2024-5450 was published Jul 13, 2024
SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via... Critical Unreviewed
CVE-2025-46193 was published May 9, 2025
Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. Critical Unreviewed
CVE-2023-31585 was published May 8, 2025
The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary... Critical Unreviewed
CVE-2025-4556 was published May 12, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a... Critical Unreviewed
CVE-2025-47549 was published May 7, 2025
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-4403 was published May 9, 2025
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2024-11617 was published May 9, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue... Critical Unreviewed
CVE-2024-25913 was published Feb 26, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy... Critical Unreviewed
CVE-2024-25925 was published Feb 26, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This... Critical Unreviewed
CVE-2024-25909 was published Feb 26, 2024
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary... Critical Unreviewed
CVE-2024-23759 was published Feb 13, 2024
An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior... Critical Unreviewed
CVE-2024-41339 was published Feb 27, 2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization,... Critical Unreviewed
CVE-2025-31324 was published Apr 24, 2025
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen... Critical Unreviewed
CVE-2022-43265 was published Nov 16, 2022
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with... Critical Unreviewed
CVE-2025-43946 was published Apr 22, 2025
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-46616 was published Apr 25, 2025
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote... Critical Unreviewed
CVE-2024-0864 was published Feb 29, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress... Critical Unreviewed
CVE-2025-46264 was published Apr 24, 2025
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload... Critical Unreviewed
CVE-2024-40071 was published Apr 16, 2025
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for... Critical Unreviewed
CVE-2017-16949 was published May 14, 2022
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard... Critical Unreviewed
CVE-2017-15990 was published May 13, 2022
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process,... Critical Unreviewed
CVE-2017-8862 was published May 17, 2022
iStock Management System 1.0 allows Arbitrary File Upload via user/profile. Critical Unreviewed
CVE-2017-15962 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database