GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,493 advisories
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2016-20052 was published on Apr 4, 2026
The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in...
Moderate | Unreviewed | CVE-2025-14938 was published on Apr 4, 2026
OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
High | GHSA-cwf8-44x6-32c2 was published for openclaw (npm) on Apr 3, 2026
c2cciutils affected by CVE-2022-40896
Moderate | GHSA-qc22-xmq4-qg46 was published for c2cciutils (pip) on Apr 1, 2026
baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
High | CVE-2025-32957 was published for baserproject/basercms (Composer) on Mar 31, 2026
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play...
Moderate | Unreviewed | CVE-2026-30280 was published on Mar 31, 2026
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of...
High | Unreviewed | CVE-2026-25099 was published on Mar 27, 2026
HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to...
Moderate | Unreviewed | CVE-2025-55267 was published on Mar 26, 2026
plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an...
Critical | Unreviewed | CVE-2026-4809 was published on Mar 26, 2026
AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL
High | CVE-2026-33717 was published for wwbn/avideo (Composer) on Mar 25, 2026
Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
High | CVE-2026-33687 was published for code16/sharp (Composer) on Mar 25, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads...
Critical | Unreviewed | CVE-2026-32536 was published on Mar 25, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic...
Critical | Unreviewed | CVE-2026-32523 was published on Mar 25, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr...
Critical | Unreviewed | CVE-2026-32524 was published on Mar 25, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload...
Critical | Unreviewed | CVE-2026-32482 was published on Mar 25, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro...
Critical | Unreviewed | CVE-2026-25413 was published on Mar 25, 2026
AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
High | CVE-2026-33647 was published for wwbn/avideo (Composer) on Mar 25, 2026
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that...
High | Unreviewed | CVE-2019-25647 was published on Mar 24, 2026
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows...
High | Unreviewed | CVE-2019-25627 was published on Mar 24, 2026
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager...
High | Unreviewed | CVE-2019-25630 was published on Mar 24, 2026
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code...
High | Unreviewed | CVE-2019-25626 was published on Mar 24, 2026
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing...
High | Unreviewed | CVE-2026-3533 was published on Mar 24, 2026
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a...
High | Unreviewed | CVE-2025-60947 was published on Mar 24, 2026
Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin
High | CVE-2026-32278 was published for opensource-workshop/connect-cms (Composer) on Mar 23, 2026
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of...
Moderate | Unreviewed | CVE-2026-1969 was published on Mar 23, 2026
ProTip! Advisories are also available from the GraphQL API.