Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,163 advisories

Loading
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12966 was published Dec 6, 2025
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions... High Unreviewed
CVE-2025-13065 was published Dec 6, 2025
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command... High Unreviewed
CVE-2020-36882 was published Dec 5, 2025
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12153 was published Dec 5, 2025
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12181 was published Dec 5, 2025
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12154 was published Dec 5, 2025
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all... High Unreviewed
CVE-2025-13066 was published Dec 5, 2025
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect... High Unreviewed
CVE-2025-13543 was published Dec 4, 2025
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An... High Unreviewed
CVE-2025-65806 was published Dec 4, 2025
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13646 was published Dec 3, 2025
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ... High Unreviewed
CVE-2025-65844 was published Dec 2, 2025
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of... High Unreviewed
CVE-2025-13516 was published Dec 2, 2025
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13536 was published Nov 27, 2025
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2025-13376 was published Nov 25, 2025
The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress... High Unreviewed
CVE-2025-12973 was published Nov 21, 2025
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2025-13156 was published Nov 21, 2025
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12138 was published Nov 21, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and... High Unreviewed
CVE-2025-0645 was published Nov 20, 2025
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an... High Unreviewed
CVE-2025-63227 was published Nov 18, 2025
A low privileged remote attacker can upload any file to an arbitrary location due to missing file... High Unreviewed
CVE-2025-41735 was published Nov 18, 2025
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload... High Unreviewed
CVE-2025-13069 was published Nov 18, 2025
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del... High Unreviewed
CVE-2025-41347 was published Nov 18, 2025
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all... High Unreviewed
CVE-2025-12775 was published Nov 18, 2025
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions... High Unreviewed
CVE-2025-12528 was published Nov 18, 2025
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12974 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database