Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,937 advisories

Loading
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload... Critical Unreviewed
CVE-2025-61808 was published Dec 10, 2025
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12966 was published Dec 6, 2025
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions... High Unreviewed
CVE-2025-13065 was published Dec 6, 2025
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-12673 was published Dec 6, 2025
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command... High Unreviewed
CVE-2020-36882 was published Dec 5, 2025
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-12153 was published Dec 5, 2025
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12181 was published Dec 5, 2025
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12154 was published Dec 5, 2025
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2025-12163 was published Dec 5, 2025
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all... High Unreviewed
CVE-2025-13066 was published Dec 5, 2025
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect... High Unreviewed
CVE-2025-13543 was published Dec 4, 2025
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An... High Unreviewed
CVE-2025-65806 was published Dec 4, 2025
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13646 was published Dec 3, 2025
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ... High Unreviewed
CVE-2025-65844 was published Dec 2, 2025
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of... High Unreviewed
CVE-2025-13516 was published Dec 2, 2025
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. Moderate Unreviewed
CVE-2025-51736 was published Nov 28, 2025
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-13536 was published Nov 27, 2025
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni... Critical Unreviewed
CVE-2025-66255 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66250 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66256 was published Nov 26, 2025
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-13597 was published Nov 26, 2025
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-13595 was published Nov 26, 2025
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2025-13376 was published Nov 25, 2025
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi... Critical Unreviewed
CVE-2023-7330 was published Nov 24, 2025
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This... Moderate Unreviewed
CVE-2025-13573 was published Nov 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database