GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,581 advisories
livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler
High: GHSA-gxxh-8vcj-w2mh was published for mckenziearts/livewire-markdown-editor (Composer), May 4, 2026

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and...
High (Unreviewed): CVE-2026-6261 was published May 5, 2026

Low-privileged Grav API users can create super-admin accounts via blueprint-upload
High: CVE-2026-42844 was published for getgrav/grav (Composer), May 6, 2026

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0...
High (Unreviewed): CVE-2026-6692 was published May 7, 2026

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in...
Moderate (Unreviewed): CVE-2026-36387 was published May 7, 2026

FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism
High: CVE-2026-27891 was published for facturascripts/facturascripts (Composer), May 7, 2026

FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
Moderate: CVE-2026-42879 was published for facturascripts/facturascripts (Composer), May 7, 2026

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE...
Moderate (Unreviewed): CVE-2025-67886 was published May 8, 2026

Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
High: CVE-2026-44566 was published for open-webui (pip), May 8, 2026

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users...
High (Unreviewed): CVE-2021-47937 was published May 10, 2026

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated...
High (Unreviewed): CVE-2021-47943 was published May 10, 2026

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate...
Moderate (Unreviewed): CVE-2025-65416 was published May 11, 2026

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
High: CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go), May 12, 2026

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary...
High (Unreviewed): CVE-2023-27753 was published May 12, 2026

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang...
High (Unreviewed): CVE-2026-37430 was published May 13, 2026

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up...
Critical (Unreviewed): CVE-2026-6271 was published May 14, 2026

Strapi Upload Plugin MIME Validation Bypass via Content API
Moderate: CVE-2026-22707 was published for @strapi/upload (npm), May 14, 2026

Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
High: CVE-2026-45315 was published for open-webui (pip), May 14, 2026

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading...
High (Unreviewed): CVE-2026-44088 was published May 15, 2026

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...
Critical (Unreviewed): CVE-2021-47965 was published May 15, 2026

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows...
High (Unreviewed): CVE-2020-37227 was published May 16, 2026

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload...
Critical (Unreviewed): CVE-2026-4885 was published May 19, 2026

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file...
Critical (Unreviewed): CVE-2026-4883 was published May 19, 2026

Budibase: Unrestricted Upload of File with Dangerous Type
High: CVE-2026-46426 was published for budibase (npm), May 19, 2026

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions...
Critical (Unreviewed): CVE-2026-6555 was published May 20, 2026