Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

3,581 advisories

Loading
FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism High
CVE-2026-27891 was published for facturascripts/facturascripts (Composer) May 7, 2026
ZeroXJacks Credited to ZeroXJacks
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in... Moderate Unreviewed
CVE-2026-36387 was published May 7, 2026
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0... High Unreviewed
CVE-2026-6692 was published May 7, 2026
Low-privileged Grav API users can create super-admin accounts via blueprint-upload High
CVE-2026-42844 was published for getgrav/grav (Composer) May 6, 2026
0d000721999 Credited to 0d000721999
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and... High Unreviewed
CVE-2026-6261 was published May 5, 2026
livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler High
GHSA-gxxh-8vcj-w2mh was published for mckenziearts/livewire-markdown-editor (Composer) May 4, 2026
OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality High
CVE-2026-38751 was published for devcode-it/openstamanager (Composer) May 4, 2026
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged... High Unreviewed
CVE-2026-7490 was published May 2, 2026
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2026-4882 was published May 2, 2026
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary... Critical Unreviewed
CVE-2022-50993 was published Apr 30, 2026
CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution High
CVE-2026-41587 was published for ci4-cms-erp/ci4ms (Composer) Apr 29, 2026
dapickle Credited to dapickle
Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2026-38991 was published for cockpit-hq/cockpit (Composer) Apr 29, 2026
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file ... Moderate Unreviewed
CVE-2025-9772 was published Apr 29, 2026
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2026-5364 was published Apr 24, 2026
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary... Critical Unreviewed
CVE-2026-6885 was published Apr 23, 2026
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2026-3844 was published Apr 23, 2026
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory... Moderate Unreviewed
CVE-2025-36074 was published Apr 23, 2026
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type... Critical Unreviewed
CVE-2026-1555 was published Apr 22, 2026
The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing... Moderate Unreviewed
CVE-2026-6835 was published Apr 22, 2026
OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution High
CVE-2026-40488 was published for openmage/magento-lts (Composer) Apr 21, 2026
Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php... High Unreviewed
CVE-2026-37748 was published Apr 21, 2026
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon... Critical Unreviewed
CVE-2019-25714 was published Apr 21, 2026
Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that... High Unreviewed
CVE-2026-6249 was published Apr 20, 2026
Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management... Critical Unreviewed
CVE-2026-6257 was published Apr 20, 2026
pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files Moderate
CVE-2026-3219 was published for pip (pip) Apr 20, 2026
amine-malloul-gira Credited to amine-malloul-gira and tsokalski tsokalski tsokalski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database