Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,053 advisories

Loading
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload... Critical Unreviewed
CVE-2012-10027 was published Aug 5, 2025
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary... Critical Unreviewed
CVE-2012-10026 was published Aug 5, 2025
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The... Critical Unreviewed
CVE-2013-10066 was published Aug 5, 2025
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload... Critical Unreviewed
CVE-2013-10067 was published Aug 5, 2025
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code... Critical Unreviewed
CVE-2025-52239 was published Aug 4, 2025
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and... Critical Unreviewed
CVE-2013-10054 was published Aug 4, 2025
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and... Critical Unreviewed
CVE-2013-10055 was published Aug 1, 2025
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows... Critical Unreviewed
CVE-2013-10047 was published Aug 1, 2025
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0... Critical Unreviewed
CVE-2013-10038 was published Jul 31, 2025
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php... Critical Unreviewed
CVE-2013-10040 was published Jul 31, 2025
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The... Critical Unreviewed
CVE-2013-10034 was published Jul 31, 2025
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2025-7852 was published Jul 25, 2025
The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2025-7437 was published Jul 25, 2025
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management... Critical Unreviewed
CVE-2025-40599 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54449 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54448 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54440 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54442 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54444 was published Jul 23, 2025
The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2015-10137 was published Jul 22, 2025
The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2012-10020 was published Jul 22, 2025
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following... Critical Unreviewed
CVE-2025-44658 was published Jul 21, 2025
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2016-15043 was published Jul 19, 2025
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2015-10135 was published Jul 19, 2025
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2015-10138 was published Jul 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database