Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,487 advisories

Loading
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2.... Moderate Unreviewed
CVE-2024-11971 was published Nov 29, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders High
CVE-2024-53863 was published for matrix-synapse (pip) Dec 3, 2024
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with... High Unreviewed
CVE-2024-32256 was published Apr 16, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by... Moderate Unreviewed
CVE-2024-25020 was published Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not... High Unreviewed
CVE-2024-40691 was published Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not... Moderate Unreviewed
CVE-2024-25019 was published Dec 3, 2024
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-11391 was published Dec 3, 2024
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files,... Critical Unreviewed
CVE-2022-4395 was published Jan 30, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds... Critical Unreviewed
CVE-2024-52476 was published Dec 2, 2024
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0... High Unreviewed
CVE-2024-52769 was published Nov 20, 2024
DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11979 was published Nov 29, 2024
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-11082 was published Nov 28, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web... Critical Unreviewed
CVE-2024-52490 was published Nov 28, 2024
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2024-8066 was published Nov 28, 2024
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute... High Unreviewed
CVE-2024-51364 was published Nov 21, 2024
HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common... Critical Unreviewed
CVE-2024-52677 was published Nov 20, 2024
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3... Moderate Unreviewed
CVE-2024-53619 was published Nov 26, 2024
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored... High Unreviewed
CVE-2024-9504 was published Nov 26, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB noe233
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2020-22151 was published Jul 3, 2023
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to... Critical Unreviewed
CVE-2021-24171 was published May 24, 2022
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-9659 was published Nov 23, 2024
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-9942 was published Nov 23, 2024
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2024-9660 was published Nov 23, 2024
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0... High Unreviewed
CVE-2024-51208 was published Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database