GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,667
Composer 4,466
Erlang 33
GitHub Actions 23
Go 2,166
Maven 5,398
npm 3,830
NuGet 696
pip 3,507
Pub 12
RubyGems 909
Rust 904
Swift 38

Unreviewed advisories

All unreviewed 247,842

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,645 advisories

Filter by severity

Sort by

Least recently updated

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited... Critical Unreviewed

CVE-2023-31090 was published Apr 24, 2024

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed

CVE-2025-1028 was published Feb 5, 2025

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed

CVE-2025-24505 was published Jan 30, 2025

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to... Moderate Unreviewed

CVE-2019-8394 was published May 14, 2022

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a... Critical Unreviewed

CVE-2021-40870 was published May 24, 2022

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Critical Unreviewed

CVE-2024-57450 was published Feb 3, 2025

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker... Moderate Unreviewed

CVE-2024-41454 was published Jan 16, 2025

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01... High Unreviewed

CVE-2024-57761 was published Jan 15, 2025

An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via... Moderate Unreviewed

CVE-2024-40513 was published Jan 17, 2025

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload... Critical Unreviewed

CVE-2022-41352 was published Sep 27, 2022

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated... Moderate Unreviewed

CVE-2023-42248 was published Jan 14, 2025

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows... High Unreviewed

CVE-2024-46210 was published Jan 10, 2025

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an... High Unreviewed

CVE-2021-38163 was published May 24, 2022

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed

CVE-2022-26871 was published Mar 30, 2022

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A... Critical Unreviewed

CVE-2021-22005 was published May 24, 2022

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP... High Unreviewed

CVE-2022-27925 was published Apr 22, 2022

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3... High Unreviewed

CVE-2023-28128 was published May 10, 2023

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed

CVE-2024-13448 was published Jan 28, 2025

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient... Critical Unreviewed

CVE-2025-0357 was published Jan 25, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a... Critical Unreviewed

CVE-2025-24650 was published Jan 24, 2025

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating... High Unreviewed

CVE-2024-25034 was published Jan 24, 2025

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating... High Unreviewed

CVE-2024-40693 was published Jan 24, 2025

An unauthenticated remote attacker can upload a arbitrary script file due to improper input... Moderate Unreviewed

CVE-2024-25994 was published Mar 12, 2024

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file... Critical Unreviewed

CVE-2024-48760 was published Jan 15, 2025

Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An... High Unreviewed

CVE-2024-22426 was published Feb 16, 2024

Previous 1 2 3 4 5 6 7 … 105 106 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,645 advisories