GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,540 advisories

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2026-5364 was published Apr 24, 2026

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary...
Critical | Unreviewed | CVE-2026-6885 was published Apr 23, 2026

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical | Unreviewed | CVE-2026-3844 was published Apr 23, 2026

IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory...
Moderate | Unreviewed | CVE-2025-36074 was published Apr 23, 2026

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
Critical | Unreviewed | CVE-2026-1555 was published Apr 22, 2026

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing...
Moderate | Unreviewed | CVE-2026-6835 was published Apr 22, 2026

OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution
High | CVE-2026-40488 was published for openmage/magento-lts (Composer) Apr 21, 2026

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon...
Critical | Unreviewed | CVE-2019-25714 was published Apr 21, 2026

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php...
High | Unreviewed | CVE-2026-37748 was published Apr 21, 2026

Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that...
High | Unreviewed | CVE-2026-6249 was published Apr 20, 2026

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management...
Critical | Unreviewed | CVE-2026-6257 was published Apr 20, 2026

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
Moderate | CVE-2026-3219 was published for pip (pip) Apr 20, 2026

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-6518 was published Apr 18, 2026

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-5718 was published Apr 17, 2026

Flowise: File Upload Validation Bypass in createAttachment
High | CVE-2026-41269 was published for flowise (npm) Apr 16, 2026

Weblate: Remote code execution during backup restoration
High | CVE-2026-33435 was published for weblate (pip) Apr 16, 2026

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of...
Critical | Unreviewed | CVE-2026-38526 was published Apr 14, 2026

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users...
High | Unreviewed | CVE-2026-40040 was published Apr 13, 2026

Note Mark has Stored XSS via Unrestricted Asset Upload
High | CVE-2026-40262 was published for github.com/enchant97/note-mark/backend (Go) Apr 13, 2026

Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via...
High | Unreviewed | CVE-2026-30804 was published Apr 13, 2026

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that...
High | Unreviewed | CVE-2018-25258 was published Apr 12, 2026

Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
Moderate | GHSA-69hx-63pv-f8f4 was published for github.com/lin-snow/ech0 (Go) Apr 10, 2026

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2026-2942 was published Apr 8, 2026

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due...
Critical | Unreviewed | CVE-2026-3535 was published Apr 8, 2026

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file...
High | Unreviewed | CVE-2026-4808 was published Apr 8, 2026

ProTip! Advisories are also available from the GraphQL API.