Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
36
Go
2,522
Maven
5,000+
npm
4,176
NuGet
741
pip
3,965
Pub
12
RubyGems
947
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,049 advisories

Loading
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload,... Moderate Unreviewed
CVE-2019-6513 was published May 24, 2022
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation,... Critical Unreviewed
CVE-2024-6366 was published Jul 29, 2024
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to... Critical Unreviewed
CVE-2023-27168 was published Jan 19, 2024
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper... Moderate Unreviewed
CVE-2024-7074 was published Jun 2, 2025
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin... Moderate Unreviewed
CVE-2025-1725 was published Jun 3, 2025
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because... Critical Unreviewed
CVE-2023-50982 was published Jan 8, 2024
A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02... Moderate Unreviewed
CVE-2025-5162 was published May 26, 2025
A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This... Moderate Unreviewed
CVE-2025-5131 was published May 24, 2025
A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training... Moderate Unreviewed
CVE-2025-5171 was published May 26, 2025
A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up... Moderate Unreviewed
CVE-2025-5178 was published May 26, 2025
An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1... Critical Unreviewed
CVE-2025-45854 was published Jun 3, 2025
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1... High Unreviewed
CVE-2024-23180 was published Jan 23, 2024
File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker... High Unreviewed
CVE-2025-29093 was published Jun 4, 2025
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads Moderate
CVE-2025-48953 was published for Umbraco.Cms (NuGet) Jun 4, 2025
00mpal00mpa
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-3054 was published Jun 5, 2025
Erupt Unrestricted Upload of File with Dangerous Type vulnerability Moderate
CVE-2025-45855 was published for xyz.erupt:erupt (Maven) Jun 3, 2025
An unrestricted upload of file with dangerous type vulnerability in the upload file function of... Critical Unreviewed
CVE-2025-48782 was published Jun 6, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator... Moderate Unreviewed
CVE-2025-49329 was published Jun 6, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote... Critical Unreviewed
CVE-2025-3835 was published Jun 9, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates... Critical Unreviewed
CVE-2025-32291 was published Jun 9, 2025
The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload... High Unreviewed
CVE-2025-4387 was published Jun 10, 2025
A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management... Moderate Unreviewed
CVE-2025-5728 was published Jun 6, 2025
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to... High Unreviewed
CVE-2025-46612 was published Jun 10, 2025
The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2025-5395 was published Jun 11, 2025
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart... High Unreviewed
CVE-2025-6002 was published Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database