Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+)... High Unreviewed
CVE-2021-34639 was published May 24, 2022
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could... Moderate Unreviewed
CVE-2023-0350 was published Mar 13, 2023
A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the ... Moderate Unreviewed
CVE-2023-45599 was published Mar 5, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and... Critical Unreviewed
CVE-2024-8517 was published Sep 6, 2024
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager... Critical Unreviewed
CVE-2024-52052 was published Nov 22, 2024
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions Moderate
CVE-2025-1889 was published for picklescan (pip) Mar 3, 2025
madgetr
Credited to madgetr
Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-hw34-rqc5-h2gm was published for picklescan (pip) Mar 3, 2025 withdrawn
Maho is Vulnerable to Authenticated Remote Code Execution via File Upload High
CVE-2025-58449 was published for mahocommerce/maho (Composer) Sep 9, 2025
d-xuan
Credited to d-xuan
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected... Moderate Unreviewed
CVE-2025-41720 was published Oct 22, 2025
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer... Moderate Unreviewed
CVE-2025-30662 was published Nov 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database