Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,076 advisories

Loading
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-9698 was published Dec 14, 2024
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2024-10590 was published Dec 12, 2024
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload... High Unreviewed
CVE-2024-50625 was published Dec 10, 2024
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due... High Unreviewed
CVE-2024-10578 was published Dec 6, 2024
Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ... High Unreviewed
CVE-2024-51548 was published Dec 5, 2024
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of... High Unreviewed
CVE-2024-46625 was published Dec 4, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders High
CVE-2024-53863 was published for matrix-synapse (pip) Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not... High Unreviewed
CVE-2024-40691 was published Dec 3, 2024
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-11391 was published Dec 3, 2024
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2024-8066 was published Nov 28, 2024
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored... High Unreviewed
CVE-2024-9504 was published Nov 26, 2024
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2024-9660 was published Nov 23, 2024
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute... High Unreviewed
CVE-2024-51364 was published Nov 21, 2024
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0... High Unreviewed
CVE-2024-52769 was published Nov 20, 2024
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0... High Unreviewed
CVE-2024-51208 was published Nov 20, 2024
The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for... High Unreviewed
CVE-2024-9849 was published Nov 16, 2024
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect... High Unreviewed
CVE-2024-5125 was published Nov 14, 2024
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote... High Unreviewed
CVE-2024-11017 was published Nov 11, 2024
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute... High Unreviewed
CVE-2024-51152 was published Nov 8, 2024
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to... High Unreviewed
CVE-2024-48093 was published Oct 30, 2024
*Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS... High Unreviewed
CVE-2024-48734 was published Oct 30, 2024
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized... High Unreviewed
CVE-2024-48646 was published Oct 30, 2024
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-7985 was published Oct 29, 2024
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute... High Unreviewed
CVE-2024-48594 was published Oct 28, 2024
In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is... High Unreviewed
CVE-2024-50623 was published Oct 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database