Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,079 advisories

Loading
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to... High Unreviewed
CVE-2025-50286 was published Aug 6, 2025
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker... High Unreviewed
CVE-2017-2617 was published May 13, 2022
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-5061 was published Aug 5, 2025
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-6207 was published Aug 5, 2025
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog... High Unreviewed
CVE-2025-44139 was published Aug 1, 2025
The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images... High Unreviewed
CVE-2025-7443 was published Aug 1, 2025
The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2025-7847 was published Jul 31, 2025
The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated... High Unreviewed
CVE-2025-8323 was published Jul 30, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on... High Unreviewed
CVE-2025-52449 was published Jul 25, 2025
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type... High Unreviewed
CVE-2025-5831 was published Jul 25, 2025
The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2015-10144 was published Jul 25, 2025
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the... High Unreviewed
CVE-2025-47187 was published Jul 23, 2025
In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under... High Unreviewed
CVE-2025-46099 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... High Unreviewed
CVE-2025-54441 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... High Unreviewed
CVE-2025-54439 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... High Unreviewed
CVE-2025-54447 was published Jul 23, 2025
Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience... High Unreviewed
CVE-2025-34511 was published Jun 17, 2025
WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability... High Unreviewed
CVE-2025-7917 was published Jul 21, 2025
CWE-434 Unrestricted Upload of File with Dangerous Type High Unreviewed
CVE-2025-46384 was published Jul 20, 2025
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-7438 was published Jul 18, 2025
If a user saved a response from the Network tab in Devtools using the Save As context menu option... High Unreviewed
CVE-2025-6435 was published Jun 26, 2025
The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-6423 was published Jul 12, 2025
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2025-6057 was published Jul 12, 2025
An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to... High Unreviewed
CVE-2025-34097 was published Jul 10, 2025
The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-6586 was published Jul 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database