Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

3,581 advisories

Loading
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in... High Unreviewed
CVE-2026-9227 was published May 28, 2026
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote... High Unreviewed
CVE-2026-9009 was published May 28, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo... Critical Unreviewed
CVE-2026-42748 was published May 27, 2026
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... High Unreviewed
CVE-2026-5718 was published Apr 17, 2026
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized... Critical Unreviewed
CVE-2026-40412 was published May 26, 2026
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2026-6960 was published May 22, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For... Critical Unreviewed
CVE-2026-45444 was published May 20, 2026
pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files Moderate
CVE-2026-3219 was published for pip (pip) Apr 20, 2026
amine-malloul-gira Credited to amine-malloul-gira and tsokalski tsokalski tsokalski
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal... High Unreviewed
CVE-2023-5637 was published Dec 1, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal... Critical Unreviewed
CVE-2023-5636 was published Dec 1, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security... Critical Unreviewed
CVE-2023-6675 was published Feb 2, 2024
The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions... Critical Unreviewed
CVE-2026-6555 was published May 20, 2026
Budibase: Unrestricted Upload of File with Dangerous Type High
CVE-2026-46426 was published for budibase (npm) May 19, 2026
da7om85 Credited to da7om85
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions High
CVE-2026-45315 was published for open-webui (pip) May 14, 2026
maloleg Credited to maloleg and Classic298 Classic298 Classic298
Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal High
CVE-2026-44566 was published for open-webui (pip) May 8, 2026
KoreLogicSecurityDisclosures Credited to KoreLogicSecurityDisclosures
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file... Critical Unreviewed
CVE-2026-4883 was published May 19, 2026
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload... Critical Unreviewed
CVE-2026-4885 was published May 19, 2026
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows... High Unreviewed
CVE-2020-37227 was published May 16, 2026
Strapi Upload Plugin MIME Validation Bypass via Content API Moderate
CVE-2026-22707 was published for @strapi/upload (npm) May 14, 2026
kaminuma Credited to kaminuma and arkmarta arkmarta arkmarta
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload... Critical Unreviewed
CVE-2021-47965 was published May 15, 2026
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading... High Unreviewed
CVE-2026-44088 was published May 15, 2026
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang... High Unreviewed
CVE-2026-37430 was published May 13, 2026
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up... Critical Unreviewed
CVE-2026-6271 was published May 14, 2026
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary... High Unreviewed
CVE-2023-27753 was published May 12, 2026
Low-privileged Grav API users can create super-admin accounts via blueprint-upload High
CVE-2026-42844 was published for getgrav/grav (Composer) May 6, 2026
0d000721999 Credited to 0d000721999
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database