GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,545 advisories
An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to...
Critical | Unreviewed | CVE-2024-25414 was published Feb 16, 2024

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts...
Low | Unreviewed | CVE-2024-42180 was published Jan 13, 2025

A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as...
Moderate | Unreviewed | CVE-2025-0213 was published Jan 4, 2025

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This...
Moderate | Unreviewed | CVE-2024-13138 was published Jan 5, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms...
Critical | Unreviewed | CVE-2025-22504 was published Jan 9, 2025

The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp...
Moderate | Unreviewed | CVE-2024-43662 was published Jan 9, 2025

An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of...
High | Unreviewed | CVE-2024-53564 was published Dec 2, 2024

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file...
High | Unreviewed | CVE-2024-1567 was published May 2, 2024

ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High | CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024

An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading...
Critical | Unreviewed | CVE-2022-41573 was published Jan 7, 2025

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2024-12854 was published Jan 8, 2025

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2024-12853 was published Jan 8, 2025

An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3...
High | Unreviewed | CVE-2024-53345 was published Jan 7, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing...
Critical | Unreviewed | CVE-2024-43243 was published Jan 7, 2025

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity...
Unknown | Unreviewed | CVE-2025-22389 was published Jan 4, 2025

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0...
Critical | Unreviewed | CVE-2024-55078 was published Jan 3, 2025

Apache Struts file upload logic is flawed
Critical | CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows...
Moderate | Unreviewed | CVE-2024-56264 was published Jan 2, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows...
Critical | Unreviewed | CVE-2024-56249 was published Jan 2, 2025

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a ...
Critical | Unreviewed | CVE-2024-56829 was published Jan 2, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows...
Critical | Unreviewed | CVE-2024-56064 was published Dec 31, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a...
Critical | Unreviewed | CVE-2024-56046 was published Dec 31, 2024

Some Honor products are affected by file writing vulnerability, successful exploitation could...
Moderate | Unreviewed | CVE-2024-47151 was published Dec 26, 2024

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-10584 was published Dec 24, 2024

If the attacker has access to a valid Poweruser session, remote code execution is possible...
High | Unreviewed | CVE-2024-47946 was published Dec 10, 2024