GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 37
GitHub Actions: 36
Go: 2,500
Maven: 5,000+
npm: 4,147
NuGet: 735
pip: 3,948
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,101 advisories

An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite...
High | Unreviewed | CVE-2025-45586 | published Sep 12, 2025

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads...
High | Unreviewed | CVE-2025-10049 | published Sep 10, 2025

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-10001 | published Sep 10, 2025

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and...
High | Unreviewed | CVE-2025-9712 | published Sep 9, 2025

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 Security Update 1 and...
High | Unreviewed | CVE-2025-9872 | published Sep 9, 2025

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network...
High | Unreviewed | CVE-2025-20287 | published Sep 9, 2025

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file...
High | Unreviewed | CVE-2025-9112 | published Sep 8, 2025

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2025-9515 | published Sep 6, 2025

The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-6085 | published Sep 4, 2025

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2024-13342 | published Aug 29, 2025

An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask...
High | Unreviewed | CVE-2025-55454 | published Aug 22, 2025

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious...
High | Unreviewed | CVE-2025-53119 | published Aug 26, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on...
High | Unreviewed | CVE-2025-26498 | published Aug 22, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on...
High | Unreviewed | CVE-2025-26497 | published Aug 22, 2025

IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to...
High | Unreviewed | CVE-2025-36174 | published Aug 24, 2025

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to...
High | Unreviewed | CVE-2025-54460 | published Aug 21, 2025

Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows...
High | Unreviewed | CVE-2025-55383 | published Aug 21, 2025

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file...
High | Unreviewed | CVE-2025-6079 | published Aug 16, 2025

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its...
High | Unreviewed | CVE-2012-10056 | published Aug 13, 2025

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a...
High | Unreviewed | CVE-2025-8297 | published Aug 12, 2025

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog...
High | Unreviewed | CVE-2012-10042 | published Aug 8, 2025

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote...
High | Unreviewed | CVE-2025-51056 | published Aug 6, 2025

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to...
High | Unreviewed | CVE-2025-50286 | published Aug 6, 2025

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker...
High | Unreviewed | CVE-2017-2617 | published May 13, 2022

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-6207 | published Aug 5, 2025