Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,515 advisories

Loading
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows... Critical Unreviewed
CVE-2024-54285 was published Dec 16, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo... Critical Unreviewed
CVE-2024-54370 was published Dec 16, 2024
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-9698 was published Dec 14, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export... Critical Unreviewed
CVE-2024-54262 was published Dec 13, 2024
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary... Critical Unreviewed
CVE-2024-9290 was published Dec 13, 2024
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-12042 was published Dec 13, 2024
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2024-10590 was published Dec 12, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2,... Moderate Unreviewed
CVE-2024-44220 was published Dec 12, 2024
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
If the attacker has access to a valid Poweruser session, remote code execution is possible... Unknown Unreviewed
CVE-2024-47946 was published Dec 10, 2024
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload... High Unreviewed
CVE-2024-50625 was published Dec 10, 2024
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File... Critical Unreviewed
CVE-2024-54918 was published Dec 9, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium... Critical Unreviewed
CVE-2024-53822 was published Dec 9, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a... Critical Unreviewed
CVE-2024-54214 was published Dec 6, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows... Moderate Unreviewed
CVE-2024-53811 was published Dec 6, 2024
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due... High Unreviewed
CVE-2024-10578 was published Dec 6, 2024
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as... Moderate Unreviewed
CVE-2024-12233 was published Dec 5, 2024
Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ... High Unreviewed
CVE-2024-51548 was published Dec 5, 2024
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions... Critical Unreviewed
CVE-2024-40744 was published Dec 4, 2024
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of... High Unreviewed
CVE-2024-46625 was published Dec 4, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders High
CVE-2024-53863 was published for matrix-synapse (pip) Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not... High Unreviewed
CVE-2024-40691 was published Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by... Moderate Unreviewed
CVE-2024-25020 was published Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not... Moderate Unreviewed
CVE-2024-25019 was published Dec 3, 2024
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-11391 was published Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database