GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,442 advisories
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in...
High | Unreviewed | CVE-2026-9227 was published May 28, 2026

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote...
High | Unreviewed | CVE-2026-9009 was published May 28, 2026

Budibase: Unrestricted Upload of File with Dangerous Type
High | CVE-2026-46426 was published for budibase (npm) May 19, 2026

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows...
High | Unreviewed | CVE-2020-37227 was published May 16, 2026

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading...
High | Unreviewed | CVE-2026-44088 was published May 15, 2026

Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
High | CVE-2026-45315 was published for open-webui (pip) May 14, 2026

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang...
High | Unreviewed | CVE-2026-37430 was published May 13, 2026

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary...
High | Unreviewed | CVE-2023-27753 was published May 12, 2026

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
High | CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users...
High | Unreviewed | CVE-2021-47937 was published May 10, 2026

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated...
High | Unreviewed | CVE-2021-47943 was published May 10, 2026

Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
High | CVE-2026-44566 was published for open-webui (pip) May 8, 2026

FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism
High | CVE-2026-27891 was published for facturascripts/facturascripts (Composer) May 7, 2026

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0...
High | Unreviewed | CVE-2026-6692 was published May 7, 2026

Low-privileged Grav API users can create super-admin accounts via blueprint-upload
High | CVE-2026-42844 was published for getgrav/grav (Composer) May 6, 2026

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and...
High | Unreviewed | CVE-2026-6261 was published May 5, 2026

livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler
High | GHSA-gxxh-8vcj-w2mh was published for mckenziearts/livewire-markdown-editor (Composer) May 4, 2026

OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
High | CVE-2026-38751 was published for devcode-it/openstamanager (Composer) May 4, 2026

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged...
High | Unreviewed | CVE-2026-7490 was published May 2, 2026

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
High | CVE-2026-41587 was published for ci4-cms-erp/ci4ms (Composer) Apr 29, 2026

Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type
High | CVE-2026-38991 was published for cockpit-hq/cockpit (Composer) Apr 29, 2026

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2026-5364 was published Apr 24, 2026

OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution
High | CVE-2026-40488 was published for openmage/magento-lts (Composer) Apr 21, 2026

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php...
High | Unreviewed | CVE-2026-37748 was published Apr 21, 2026

Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that...
High | Unreviewed | CVE-2026-6249 was published Apr 20, 2026