GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,376 advisories
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User...
High | Unreviewed | CVE-2026-1565 was published Feb 26, 2026

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File...
High | Unreviewed | CVE-2026-22766 was published Feb 24, 2026

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php:...
High | Unreviewed | CVE-2026-26746 was published Feb 20, 2026

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service...
High | Unreviewed | CVE-2023-5524 was published Oct 20, 2023

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated...
High | Unreviewed | CVE-2018-25158 was published Feb 21, 2026

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote...
High | Unreviewed | CVE-2025-70151 was published Feb 18, 2026

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary...
High | Unreviewed | CVE-2025-13689 was published Feb 18, 2026

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files....
High | Unreviewed | CVE-2024-7694 was published Aug 12, 2024

Remote Code Execution by uploading a phar file using frontmatter
High | CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and...
High | Unreviewed | CVE-2024-50620 was published Feb 11, 2026

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin...
High | Unreviewed | CVE-2020-37084 was published Feb 4, 2026

FUXA contains an Unrestricted File Upload vulnerability
High | CVE-2025-69981 was published for fuxa-server (npm) Feb 3, 2026

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing...
High | Unreviewed | CVE-2026-2097 was published Feb 10, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies...
High | Unreviewed | CVE-2025-10465 was published Feb 9, 2026

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin....
High | Unreviewed | CVE-2025-69906 was published Feb 5, 2026

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point...
High | Unreviewed | CVE-2022-40924 was published Sep 27, 2022

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with...
High | Unreviewed | CVE-2024-32256 was published Apr 16, 2024

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that...
High | Unreviewed | CVE-2020-37117 was published Feb 5, 2026

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an...
High | Unreviewed | CVE-2026-20098 was published Feb 4, 2026

An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows...
High | Unreviewed | CVE-2025-65875 was published Feb 3, 2026

The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect...
High | Unreviewed | CVE-2026-1756 was published Feb 4, 2026

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary...
High | Unreviewed | CVE-2020-37090 was published Feb 4, 2026

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to...
High | Unreviewed | CVE-2020-37073 was published Feb 4, 2026

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3...
High | Unreviewed | CVE-2020-35945 was published May 24, 2022

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when...
High | Unreviewed | CVE-2020-37113 was published Feb 3, 2026