GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,160 advisories
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command...
High | Unreviewed | CVE-2020-36882 was published Dec 5, 2025
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-12153 was published Dec 5, 2025
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2025-12181 was published Dec 5, 2025
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all...
High | Unreviewed | CVE-2025-13066 was published Dec 5, 2025
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2025-12154 was published Dec 5, 2025
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect...
High | Unreviewed | CVE-2025-13543 was published Dec 4, 2025
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated...
High | Unreviewed | CVE-2021-26828 was published May 24, 2022
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ...
High | Unreviewed | CVE-2025-65844 was published Dec 2, 2025
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-13646 was published Dec 3, 2025
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of...
High | Unreviewed | CVE-2025-13516 was published Dec 2, 2025
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-13536 was published Nov 27, 2025
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low...
High | Unreviewed | CVE-2013-10044 was published Aug 1, 2025
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High | Unreviewed | CVE-2025-13376 was published Nov 25, 2025
The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress...
High | Unreviewed | CVE-2025-12973 was published Nov 21, 2025
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2025-13156 was published Nov 21, 2025
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-12138 was published Nov 21, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and...
High | Unreviewed | CVE-2025-0645 was published Nov 20, 2025
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del...
High | Unreviewed | CVE-2025-41347 was published Nov 18, 2025
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an...
High | Unreviewed | CVE-2025-63227 was published Nov 18, 2025
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0....
High | Unreviewed | CVE-2021-25780 was published May 24, 2022
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload...
High | Unreviewed | CVE-2025-13069 was published Nov 18, 2025
A low privileged remote attacker can upload any file to an arbitrary location due to missing file...
High | Unreviewed | CVE-2025-41735 was published Nov 18, 2025
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all...
High | Unreviewed | CVE-2025-12775 was published Nov 18, 2025
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions...
High | Unreviewed | CVE-2025-12528 was published Nov 18, 2025
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2025-12974 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API.