Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,051
Maven
5,000+
npm
4,791
NuGet
825
pip
4,389
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,426 advisories

Loading
Remote Code Execution by uploading a phar file using frontmatter High
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122 Credited to Universe1122 and sunnypatell sunnypatell sunnypatell
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files.... High Unreviewed
CVE-2024-7694 was published Aug 12, 2024
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple... Critical Unreviewed
CVE-2026-1358 was published Feb 13, 2026
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the... Moderate Unreviewed
CVE-2026-2146 was published Feb 8, 2026
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary... High Unreviewed
CVE-2025-13689 was published Feb 18, 2026
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload... Low Unreviewed
CVE-2025-36183 was published Feb 18, 2026
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote... High Unreviewed
CVE-2025-70151 was published Feb 18, 2026
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12500 was published Feb 19, 2026
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2026-1405 was published Feb 19, 2026
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some... Moderate Unreviewed
CVE-2026-2164 was published Feb 8, 2026
carbon-apimgt does not properly restrict uploaded files Critical
CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated... High Unreviewed
CVE-2018-25158 was published Feb 21, 2026
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service... High Unreviewed
CVE-2023-5524 was published Oct 20, 2023
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php:... High Unreviewed
CVE-2026-26746 was published Feb 20, 2026
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an... Moderate Unreviewed
CVE-2025-14582 was published Dec 13, 2025
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by... Moderate Unreviewed
CVE-2025-12862 was published Nov 7, 2025
A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261.... Moderate Unreviewed
CVE-2025-15110 was published Dec 27, 2025
A security vulnerability has been detected in Great Developers Certificate Generation System up... Moderate Unreviewed
CVE-2026-2183 was published Feb 8, 2026
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the... Moderate Unreviewed
CVE-2026-2976 was published Feb 23, 2026
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File... High Unreviewed
CVE-2026-22766 was published Feb 24, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons... Critical Unreviewed
CVE-2025-69403 was published Feb 20, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard... Critical Unreviewed
CVE-2025-68549 was published Feb 20, 2026
A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this... Moderate Unreviewed
CVE-2026-3187 was published Feb 25, 2026
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User... High Unreviewed
CVE-2026-1565 was published Feb 26, 2026
An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0... Critical Unreviewed
CVE-2025-69771 was published Feb 25, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database