Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
36
Go
2,521
Maven
5,000+
npm
4,167
NuGet
741
pip
3,963
Pub
12
RubyGems
946
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,047 advisories

Loading
An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask... High Unreviewed
CVE-2025-55454 was published Aug 22, 2025
A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2025-6466 was published Jun 22, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm wallyworld
hpidcock Fedqys
Badaso CMS file upload vulnerability High
CVE-2025-52353 was published for badaso/core (Composer) Aug 26, 2025
A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to... Moderate Unreviewed
CVE-2025-7877 was published Jul 20, 2025
A vulnerability, which was classified as critical, was found in Metasoft 美特软件 MetaCRM up to 6.4.2... Moderate Unreviewed
CVE-2025-7878 was published Jul 20, 2025
A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of... Moderate Unreviewed
CVE-2025-9397 was published Aug 25, 2025
A vulnerability, which was classified as critical, has been found in ???????????? Lingdang CRM up... Moderate Unreviewed
CVE-2024-11122 was published Nov 12, 2024
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile... Critical Unreviewed
CVE-2025-34163 was published Aug 28, 2025
The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient... Moderate Unreviewed
CVE-2024-9648 was published Aug 28, 2025
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated... Critical Unreviewed
CVE-2025-53970 was published Aug 28, 2025
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated... Critical Unreviewed
CVE-2025-54762 was published Aug 28, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File... Critical Unreviewed
CVE-2025-49387 was published Aug 28, 2025
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0.... Moderate Unreviewed
CVE-2025-0463 was published Jan 14, 2025
A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This... Moderate Unreviewed
CVE-2025-8526 was published Aug 4, 2025
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-56236 was published for FormCMS (NuGet) Aug 28, 2025
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the... Moderate Unreviewed
CVE-2025-31979 was published Aug 28, 2025
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-13342 was published Aug 29, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management... Critical Unreviewed
CVE-2025-31100 was published Aug 31, 2025
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 14, 2022
sunSUNQ anlakii
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-6085 was published Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database