Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,051
Maven
5,000+
npm
4,791
NuGet
825
pip
4,389
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,376 advisories

Loading
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2025-11889 was published Oct 24, 2025
QDocs Smart School Management System 7.1 allows authenticated users with roles such as ... High Unreviewed
CVE-2025-60500 was published Oct 21, 2025
The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-10754 was published Oct 15, 2025
The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-10051 was published Oct 15, 2025
An arbitrary file write vulnerability exists in the web-based management interface of both the... High Unreviewed
CVE-2025-37132 was published Oct 14, 2025
Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing... High Unreviewed
CVE-2025-11675 was published Oct 13, 2025
FlowiseAI/Flosise has File Upload vulnerability High
CVE-2025-61687 was published for flowise (npm) Oct 8, 2025
im-soohyun Credited to im-soohyun
The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-9212 was published Oct 3, 2025
The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-9561 was published Oct 3, 2025
Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4... High Unreviewed
CVE-2025-10544 was published Sep 26, 2025
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-10747 was published Sep 26, 2025
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72... High Unreviewed
CVE-2025-10009 was published Sep 22, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and... High Unreviewed
CVE-2025-34195 was published Sep 19, 2025
The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-10647 was published Sep 19, 2025
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit... High Unreviewed
CVE-2025-55912 was published Sep 18, 2025
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates,... High Unreviewed
CVE-2025-9216 was published Sep 17, 2025
by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg... High Unreviewed
CVE-2025-56263 was published Sep 16, 2025
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload... High Unreviewed
CVE-2025-56295 was published Sep 16, 2025
An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite... High Unreviewed
CVE-2025-45586 was published Sep 12, 2025
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and... High Unreviewed
CVE-2025-57642 was published Sep 10, 2025
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed
CVE-2025-10049 was published Sep 10, 2025
The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10001 was published Sep 10, 2025
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and... High Unreviewed
CVE-2025-9712 was published Sep 9, 2025
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and... High Unreviewed
CVE-2025-9872 was published Sep 9, 2025
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network... High Unreviewed
CVE-2025-20287 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database