GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,324
Composer 4,360
Erlang 33
GitHub Actions 22
Go 2,127
Maven 5,308
npm 3,793
NuGet 683
pip 3,471
Pub 12
RubyGems 894
Rust 894
Swift 38

Unreviewed advisories

All unreviewed 244,779

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

994 advisories

Filter by severity

Sort by

Least recently updated

CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render... High Unreviewed

CVE-2025-1070 was published Feb 13, 2025

The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to... High Unreviewed

CVE-2024-13714 was published Feb 12, 2025

An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense... High Unreviewed

CVE-2025-26411 was published Feb 11, 2025

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0... High Unreviewed

CVE-2024-57408 was published Feb 10, 2025

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed

CVE-2025-1028 was published Feb 5, 2025

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated... High Unreviewed

CVE-2024-13723 was published Feb 5, 2025

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed

CVE-2025-24505 was published Jan 30, 2025

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating... High Unreviewed

CVE-2024-40693 was published Jan 24, 2025

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating... High Unreviewed

CVE-2024-25034 was published Jan 24, 2025

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed

CVE-2024-13333 was published Jan 17, 2025

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01... High Unreviewed

CVE-2024-57761 was published Jan 15, 2025

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and... High Unreviewed

CVE-2024-13171 was published Jan 14, 2025

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin... High Unreviewed

CVE-2025-0394 was published Jan 14, 2025

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows... High Unreviewed

CVE-2024-46210 was published Jan 10, 2025

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed

CVE-2024-12853 was published Jan 8, 2025

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed

CVE-2024-12854 was published Jan 8, 2025

An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3... High Unreviewed

CVE-2024-53345 was published Jan 7, 2025

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity... High Unreviewed

CVE-2025-22389 was published Jan 4, 2025

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable... High Unreviewed

CVE-2024-40695 was published Dec 20, 2024

There is an unrestricted file upload vulnerability where it is possible for an authenticated user... High Unreviewed

CVE-2024-12700 was published Dec 20, 2024

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed

CVE-2024-9698 was published Dec 14, 2024

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed

CVE-2024-10590 was published Dec 12, 2024

If the attacker has access to a valid Poweruser session, remote code execution is possible... High Unreviewed

CVE-2024-47946 was published Dec 10, 2024

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload... High Unreviewed

CVE-2024-50625 was published Dec 10, 2024

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due... High Unreviewed

CVE-2024-10578 was published Dec 6, 2024

Previous 1 2 3 4 5 … 39 40 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

994 advisories