GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,426 advisories
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution...
High | Unreviewed | CVE-2022-50898 was published Jan 14, 2026
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files,...
Moderate | Unreviewed | CVE-2025-8889 was published Sep 9, 2025
code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php.
Critical | Unreviewed | CVE-2025-69565 was published Jan 27, 2026
code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php.
Critical | Unreviewed | CVE-2025-69559 was published Jan 27, 2026
Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload...
Critical | Unreviewed | CVE-2025-57794 was published Jan 28, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM...
Critical | Unreviewed | CVE-2025-67968 was published Jan 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl...
Critical | Unreviewed | CVE-2025-68001 was published Jan 22, 2026
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download...
Critical | Unreviewed | CVE-2025-57795 was published Jan 28, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
High | CVE-2026-24769 was published for nocodb (npm) Jan 28, 2026
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1....
Moderate | Unreviewed | CVE-2025-1555 was published Feb 21, 2025
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that...
High | Unreviewed | CVE-2020-37009 was published Jan 29, 2026
An unrestricted upload of file with dangerous type vulnerability in the file upload function of...
Critical | Unreviewed | CVE-2026-24729 was published Jan 30, 2026
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training...
Moderate | Unreviewed | CVE-2025-54944 was published Sep 25, 2025
An unrestricted upload of file with dangerous type vulnerability in the upload file function of...
Critical | Unreviewed | CVE-2025-31342 was published Oct 20, 2025
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an...
High | Unreviewed | CVE-2024-5911 was published Jul 10, 2024
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads...
Moderate | Unreviewed | CVE-2026-21625 was published Jan 16, 2026
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to...
High | Unreviewed | CVE-2020-37023 was published Jan 31, 2026
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege...
High | Unreviewed | CVE-2026-25201 was published Feb 2, 2026
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without...
Critical | Unreviewed | CVE-2026-25200 was published Feb 2, 2026
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect...
High | Unreviewed | CVE-2026-1730 was published Feb 3, 2026
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all...
High | Unreviewed | CVE-2026-1065 was published Feb 3, 2026
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when...
High | Unreviewed | CVE-2020-37113 was published Feb 3, 2026
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3...
High | Unreviewed | CVE-2020-35945 was published May 24, 2022
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to...
High | Unreviewed | CVE-2020-37073 was published Feb 4, 2026
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary...
High | Unreviewed | CVE-2020-37090 was published Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API.