GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,606
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,831
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
1,421 advisories
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2026-5364 was published Apr 24, 2026

OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution
High | CVE-2026-40488 was published for openmage/magento-lts (Composer), Apr 21, 2026

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php...
High | Unreviewed | CVE-2026-37748 was published Apr 21, 2026

Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that...
High | Unreviewed | CVE-2026-6249 was published Apr 20, 2026

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-6518 was published Apr 18, 2026

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-5718 was published Apr 17, 2026

Flowise: File Upload Validation Bypass in createAttachment
High | CVE-2026-41269 was published for flowise (npm), Apr 16, 2026

Weblate: Remote code execution during backup restoration
High | CVE-2026-33435 was published for weblate (pip), Apr 16, 2026

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users...
High | Unreviewed | CVE-2026-40040 was published Apr 13, 2026

Note Mark has Stored XSS via Unrestricted Asset Upload
High | CVE-2026-40262 was published for github.com/enchant97/note-mark/backend (Go), Apr 13, 2026

Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via...
High | Unreviewed | CVE-2026-30804 was published Apr 13, 2026

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that...
High | Unreviewed | CVE-2018-25258 was published Apr 12, 2026

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file...
High | Unreviewed | CVE-2026-4808 was published Apr 8, 2026

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload...
High | Unreviewed | CVE-2019-25673 was published Apr 5, 2026

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user...
High | Unreviewed | CVE-2025-59710 was published Apr 3, 2026

OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
High | GHSA-cwf8-44x6-32c2 was published for openclaw (npm), Apr 3, 2026

baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
High | CVE-2025-32957 was published for baserproject/basercms (Composer), Mar 31, 2026

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of...
High | Unreviewed | CVE-2026-25099 was published Mar 27, 2026

AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL
High | CVE-2026-33717 was published for wwbn/avideo (Composer), Mar 25, 2026

Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
High | CVE-2026-33687 was published for code16/sharp (Composer), Mar 25, 2026

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
High | CVE-2026-33647 was published for wwbn/avideo (Composer), Mar 25, 2026

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that...
High | Unreviewed | CVE-2019-25647 was published Mar 24, 2026

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows...
High | Unreviewed | CVE-2019-25627 was published Mar 24, 2026

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager...
High | Unreviewed | CVE-2019-25630 was published Mar 24, 2026

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code...
High | Unreviewed | CVE-2019-25626 was published Mar 24, 2026

ProTip! Advisories are also available from the GraphQL API