Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,645 advisories

Loading
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote... High Unreviewed
CVE-2025-2396 was published Mar 17, 2025
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias
An arbitrary file upload vulnerability in the Add Media function of SKINsoft S-Museum v7.02.3... Moderate Unreviewed
CVE-2024-25801 was published Feb 22, 2024
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4,... Critical Unreviewed
CVE-2023-42286 was published Mar 15, 2024
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient... High Unreviewed
CVE-2024-3022 was published Apr 4, 2024
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which... High Unreviewed
CVE-2022-2883 was published Feb 22, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit... Critical Unreviewed
CVE-2025-28915 was published Mar 11, 2025
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file... High Unreviewed
CVE-2025-22213 was published Mar 11, 2025
The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed
CVE-2024-1986 was published Mar 7, 2024
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2024-13359 was published Mar 8, 2025
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit... High Unreviewed
CVE-2024-13882 was published Mar 8, 2025
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-13908 was published Mar 8, 2025
An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of... Critical Unreviewed
CVE-2025-25361 was published Mar 6, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330... High Unreviewed
CVE-2025-27683 was published Mar 5, 2025
REDAXO allows Arbitrary File Upload in the mediapool page Moderate
CVE-2025-27411 was published for redaxo/source (Composer) Mar 5, 2025
0xadik
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability... Moderate Unreviewed
CVE-2025-1890 was published Mar 4, 2025
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files,... High Unreviewed
CVE-2023-22890 was published Mar 8, 2023
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2... Critical Unreviewed
CVE-2025-25784 was published Mar 5, 2025
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS... Critical Unreviewed
CVE-2025-25790 was published Mar 5, 2025
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3... Critical Unreviewed
CVE-2025-25783 was published Mar 5, 2025
A vulnerability, which was classified as critical, has been found in CampCodes Computer... Moderate Unreviewed
CVE-2025-0341 was published Jan 9, 2025
Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API... Low Unreviewed
CVE-2024-47259 was published Mar 4, 2025
The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-5226 was published Aug 8, 2024
An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8,... High Unreviewed
CVE-2024-41340 was published Feb 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database