Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
36
Go
2,522
Maven
5,000+
npm
4,176
NuGet
741
pip
3,965
Pub
12
RubyGems
947
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,048 advisories

Loading
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme,... High Unreviewed
CVE-2025-5012 was published Jun 12, 2025
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in... Critical Unreviewed
CVE-2024-44849 was published Sep 9, 2024
A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This... Moderate Unreviewed
CVE-2025-1791 was published Mar 1, 2025
Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability. Moderate Unreviewed
CVE-2024-40555 was published Jul 15, 2024
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2025-3234 was published Jun 14, 2025
A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects... Moderate Unreviewed
CVE-2025-4538 was published May 11, 2025
A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This... Moderate Unreviewed
CVE-2025-5130 was published May 24, 2025
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of... Critical Unreviewed
CVE-2023-51924 was published Jan 20, 2024
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action... Critical Unreviewed
CVE-2023-51928 was published Jan 20, 2024
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-3515 was published Jun 17, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager... Critical Unreviewed
CVE-2025-32510 was published Jun 17, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a... Critical Unreviewed
CVE-2025-47452 was published Jun 17, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a... Critical Unreviewed
CVE-2025-49071 was published Jun 17, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a... Critical Unreviewed
CVE-2025-47559 was published Jun 17, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows... Critical Unreviewed
CVE-2025-49447 was published Jun 17, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor... Critical Unreviewed
CVE-2025-49444 was published Jun 17, 2025
The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-4413 was published Jun 18, 2025
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file... High Unreviewed
CVE-2025-6086 was published Jun 18, 2025
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed
CVE-2025-6220 was published Jun 18, 2025
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-46157 was published Jun 18, 2025
HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web... High Unreviewed
CVE-2023-45724 was published Jan 3, 2024
The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2025-4102 was published Jun 20, 2025
The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to... High Unreviewed
CVE-2023-4536 was published Jan 16, 2024
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via... Moderate Unreviewed
CVE-2023-51806 was published Jan 12, 2024
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing... High Unreviewed
CVE-2022-1538 was published Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database