GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,200 advisories
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
High | GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability...
High | Unreviewed | CVE-2025-45997 was published May 28, 2025

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a...
High | Unreviewed | CVE-2025-4800 was published May 28, 2025

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file...
High | Unreviewed | CVE-2025-4336 was published May 24, 2025

Connect-Multiparty allows arbitrary file upload
High | CVE-2022-29623 was published for connect-multiparty (npm) May 17, 2022

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload...
High | Unreviewed | CVE-2022-41534 was published Oct 14, 2022

The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
High | Unreviewed | CVE-2025-4317 was published May 13, 2025

The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with...
High | Unreviewed | CVE-2025-4561 was published May 12, 2025

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is...
High | Unreviewed | CVE-2025-3455 was published May 9, 2025

An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2...
High | Unreviewed | CVE-2022-31366 was published Oct 20, 2022

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This...
High | Unreviewed | CVE-2025-0472 was published Jan 16, 2025

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3...
High | Unreviewed | CVE-2024-23534 was published Apr 19, 2024

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could...
High | Unreviewed | CVE-2024-5080 was published Jul 13, 2024

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x...
High | Unreviewed | CVE-2024-29848 was published May 31, 2024

The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-4279 was published May 5, 2025

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a...
High | Unreviewed | CVE-2024-13418 was published May 2, 2025

An arbitrary file upload vulnerability in the image upload function of Canteen Management System...
High | Unreviewed | CVE-2022-43146 was published Nov 15, 2022

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary...
High | Unreviewed | CVE-2022-45476 was published Nov 25, 2022

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through...
High | Unreviewed | CVE-2021-43258 was published Nov 23, 2022

The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due...
High | Unreviewed | CVE-2025-3914 was published Apr 26, 2025

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges...
High | Unreviewed | CVE-2022-45771 was published Dec 5, 2022

An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute...
High | Unreviewed | CVE-2025-29394 was published Apr 9, 2025

MODX Revolution allows overwriting .htaccess
High | CVE-2017-9069 was published for modx/revolution (Composer) May 17, 2022

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-3616 was published Apr 22, 2025

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior...
High | Unreviewed | CVE-2021-25094 was published Apr 26, 2022

ProTip! Advisories are also available from the GraphQL API