Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,051
Maven
5,000+
npm
4,791
NuGet
825
pip
4,389
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,426 advisories

Loading
A security vulnerability has been detected in code-projects Content Management System 1.0.... Moderate Unreviewed
CVE-2026-0566 was published Jan 2, 2026
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload... High Unreviewed
CVE-2025-15240 was published Jan 5, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a... Critical Unreviewed
CVE-2025-31048 was published Jan 5, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer... Critical Unreviewed
CVE-2023-50897 was published Jan 5, 2026
n8n Vulnerable to RCE via Arbitrary File Write Critical
CVE-2026-21877 was published for n8n (npm) Jan 6, 2026
theolelasseux Credited to theolelasseux
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane... Critical Unreviewed
CVE-2025-30996 was published Jan 6, 2026
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14842 was published Jan 7, 2026
The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper... High Unreviewed
CVE-2025-15158 was published Jan 7, 2026
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an... Moderate Unreviewed
CVE-2026-0643 was published Jan 7, 2026
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code... Moderate Unreviewed
CVE-2025-66837 was published Jan 7, 2026
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion... Critical Unreviewed
CVE-2019-25296 was published Jan 8, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio... Critical Unreviewed
CVE-2025-67910 was published Jan 8, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit... Critical Unreviewed
CVE-2025-67924 was published Jan 8, 2026
Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows... Critical Unreviewed
CVE-2025-67325 was published Jan 8, 2026
A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of... Moderate Unreviewed
CVE-2025-15495 was published Jan 9, 2026
A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to... Moderate Unreviewed
CVE-2025-15503 was published Jan 10, 2026
An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the... High Unreviewed
CVE-2025-46068 was published Jan 12, 2026
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution).... Critical Unreviewed
CVE-2025-66802 was published Jan 12, 2026
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to... Moderate Unreviewed
CVE-2026-0496 was published Jan 13, 2026
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e... Critical Unreviewed
CVE-2025-65783 was published Jan 13, 2026
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file... Moderate Unreviewed
CVE-2025-62182 was published Jan 13, 2026
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal High
CVE-2026-22786 was published for github.com/flipped-aurora/gin-vue-admin (Go) Jan 13, 2026
D0ub1e-D Credited to D0ub1e-D
Arbitrary file upload vulnerability exists in the web-based management interface of mobility... High Unreviewed
CVE-2025-37175 was published Jan 13, 2026
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution... High Unreviewed
CVE-2022-50898 was published Jan 14, 2026
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in... Critical Unreviewed
CVE-2022-50893 was published Jan 14, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database