GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,243 advisories

The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all...
High | Unreviewed | CVE-2025-12775 was published Nov 18, 2025

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions...
High | Unreviewed | CVE-2025-12528 was published Nov 18, 2025

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2025-12974 was published Nov 18, 2025

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment"...
High | Unreviewed | CVE-2025-63748 was published Nov 17, 2025

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an...
High | Unreviewed | CVE-2025-12048 was published Nov 12, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue...
High | Unreviewed | CVE-2025-59118 was published Nov 12, 2025

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload...
High | Unreviewed | CVE-2025-12846 was published Nov 11, 2025

EIP Plus developed by Hundred Plus has an Arbitrary File Upload vulnerability, allowing...
High | Unreviewed | CVE-2025-12867 was published Nov 10, 2025

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2025-12399 was published Nov 8, 2025

The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High | Unreviewed | CVE-2025-11967 was published Nov 8, 2025

The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-12161 was published Nov 8, 2025

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient...
High | Unreviewed | CVE-2025-10907 was published Nov 5, 2025

The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote...
High | Unreviewed | CVE-2025-11724 was published Nov 4, 2025

Arbitrary code execution is possible due to improper validation of the file upload functionality...
High | Unreviewed | CVE-2025-48396 was published Nov 3, 2025

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due...
High | Unreviewed | CVE-2025-12171 was published Nov 1, 2025

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for...
High | Unreviewed | CVE-2025-11755 was published Nov 1, 2025

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory...
High | Unreviewed | CVE-2020-36863 was published Oct 31, 2025

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
High | Unreviewed | CVE-2025-60731 was published Oct 24, 2025

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
High | Unreviewed | CVE-2025-60735 was published Oct 24, 2025

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file...
High | Unreviewed | CVE-2025-11889 was published Oct 24, 2025

QDocs Smart School Management System 7.1 allows authenticated users with roles such as ...
High | Unreviewed | CVE-2025-60500 was published Oct 21, 2025

The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-10754 was published Oct 15, 2025

The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2025-10051 was published Oct 15, 2025

An arbitrary file write vulnerability exists in the web-based management interface of both the...
High | Unreviewed | CVE-2025-37132 was published Oct 14, 2025

Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing...
High | Unreviewed | CVE-2025-11675 was published Oct 13, 2025

ProTip! Advisories are also available from the GraphQL API.