Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,281 advisories

Loading
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13646 was published Dec 3, 2025
GrapesJsBuilder File Upload allows all file uploads High
CVE-2025-13827 was published for mautic/grapes-js-builder-bundle (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ... High Unreviewed
CVE-2025-65844 was published Dec 2, 2025
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of... High Unreviewed
CVE-2025-13516 was published Dec 2, 2025
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13536 was published Nov 27, 2025
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2025-13376 was published Nov 25, 2025
The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress... High Unreviewed
CVE-2025-12973 was published Nov 21, 2025
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2025-13156 was published Nov 21, 2025
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12138 was published Nov 21, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and... High Unreviewed
CVE-2025-0645 was published Nov 20, 2025
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an... High Unreviewed
CVE-2025-63227 was published Nov 18, 2025
A low privileged remote attacker can upload any file to an arbitrary location due to missing file... High Unreviewed
CVE-2025-41735 was published Nov 18, 2025
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload... High Unreviewed
CVE-2025-13069 was published Nov 18, 2025
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del... High Unreviewed
CVE-2025-41347 was published Nov 18, 2025
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all... High Unreviewed
CVE-2025-12775 was published Nov 18, 2025
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions... High Unreviewed
CVE-2025-12528 was published Nov 18, 2025
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12974 was published Nov 18, 2025
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment"... High Unreviewed
CVE-2025-63748 was published Nov 17, 2025
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an... High Unreviewed
CVE-2025-12048 was published Nov 12, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue... High Unreviewed
CVE-2025-59118 was published Nov 12, 2025
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload... High Unreviewed
CVE-2025-12846 was published Nov 11, 2025
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing... High Unreviewed
CVE-2025-12867 was published Nov 10, 2025
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2025-12399 was published Nov 8, 2025
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2025-11967 was published Nov 8, 2025
The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12161 was published Nov 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database