Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,612
Maven
5,000+
npm
4,252
NuGet
760
pip
4,027
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,825 advisories

Loading
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function High Unreviewed
CVE-2025-60735 was published Oct 24, 2025
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function High Unreviewed
CVE-2025-60731 was published Oct 24, 2025
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2025-11889 was published Oct 24, 2025
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design... Critical Unreviewed
CVE-2025-6440 was published Oct 24, 2025
A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as... Moderate Unreviewed
CVE-2025-0335 was published Jan 9, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy... Critical Unreviewed
CVE-2025-52758 was published Oct 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows... Critical Unreviewed
CVE-2025-58963 was published Oct 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia... Moderate Unreviewed
CVE-2025-49060 was published Oct 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora... Moderate Unreviewed
CVE-2025-48106 was published Oct 22, 2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization,... Critical Unreviewed
CVE-2025-31324 was published Apr 24, 2025
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to... Critical Unreviewed
CVE-2024-57968 was published Feb 3, 2025
In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is... High Unreviewed
CVE-2024-50623 was published Oct 28, 2024
The Versa Director GUI provides an option to customize the look and feel of the user interface.... Moderate Unreviewed
CVE-2024-39717 was published Aug 22, 2024
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP... High Unreviewed
CVE-2022-27925 was published Apr 22, 2022
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This... Critical Unreviewed
CVE-2022-29464 was published Apr 20, 2022
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior... High Unreviewed
CVE-2021-27860 was published Dec 9, 2021
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a... Critical Unreviewed
CVE-2021-40870 was published May 24, 2022
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an... High Unreviewed
CVE-2021-38163 was published May 24, 2022
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could... High Unreviewed
CVE-2020-8599 was published May 24, 2022
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to... Moderate Unreviewed
CVE-2019-8394 was published May 14, 2022
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15961 was published May 13, 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload... Critical Unreviewed
CVE-2022-41352 was published Sep 27, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to... Critical Unreviewed
CVE-2017-11357 was published May 14, 2022
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A... Critical Unreviewed
CVE-2021-22005 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database