GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,580 advisories
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote...
High | Unreviewed | CVE-2026-9009 was published May 28, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo...
Critical | Unreviewed | CVE-2026-42748 was published May 27, 2026
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized...
Critical | Unreviewed | CVE-2026-40412 was published May 26, 2026
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical | Unreviewed | CVE-2026-6960 was published May 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For...
Critical | Unreviewed | CVE-2026-45444 was published May 20, 2026
The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions...
Critical | Unreviewed | CVE-2026-6555 was published May 20, 2026
Budibase: Unrestricted Upload of File with Dangerous Type
High | CVE-2026-46426 was published for budibase (npm) May 19, 2026
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file...
Critical | Unreviewed | CVE-2026-4883 was published May 19, 2026
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload...
Critical | Unreviewed | CVE-2026-4885 was published May 19, 2026
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows...
High | Unreviewed | CVE-2020-37227 was published May 16, 2026
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...
Critical | Unreviewed | CVE-2021-47965 was published May 15, 2026
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading...
High | Unreviewed | CVE-2026-44088 was published May 15, 2026
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
High | CVE-2026-45315 was published for open-webui (pip) May 14, 2026
Strapi Upload Plugin MIME Validation Bypass via Content API
Moderate | CVE-2026-22707 was published for @strapi/upload (npm) May 14, 2026
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up...
Critical | Unreviewed | CVE-2026-6271 was published May 14, 2026
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang...
High | Unreviewed | CVE-2026-37430 was published May 13, 2026
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary...
High | Unreviewed | CVE-2023-27753 was published May 12, 2026
Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
High | CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate...
Moderate | Unreviewed | CVE-2025-65416 was published May 11, 2026
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users...
High | Unreviewed | CVE-2021-47937 was published May 10, 2026
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated...
High | Unreviewed | CVE-2021-47943 was published May 10, 2026
Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
High | CVE-2026-44566 was published for open-webui (pip) May 8, 2026
Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE...
Moderate | Unreviewed | CVE-2025-67886 was published May 8, 2026
FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
Moderate | CVE-2026-42879 was published for facturascripts/facturascripts (Composer) May 7, 2026
FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism
High | CVE-2026-27891 was published for facturascripts/facturascripts (Composer) May 7, 2026