GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,675 advisories
Filter by severity
Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0...
Low
Unreviewed
CVE-2026-61448
was published
Jul 11, 2026
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57828
was published
Jul 11, 2026
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57827
was published
Jul 11, 2026
The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a...
High
Unreviewed
CVE-2026-2354
was published
Jul 11, 2026
NotrinosERP: Authenticated arbitrary file upload leads to remote code execution via HRM employee "Documents" (doc_file)
High
GHSA-qv4m-m73m-8hj7
was published
for
notrinos/notrinos-erp
(Composer)
Jul 10, 2026
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in...
High
Unreviewed
CVE-2026-13430
was published
Jul 10, 2026
The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File...
Critical
Unreviewed
CVE-2026-14894
was published
Jul 10, 2026
The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical
Unreviewed
CVE-2026-15282
was published
Jul 10, 2026
An authenticated administrator may be able to achieve arbitrary code execution on the host system...
Moderate
Unreviewed
CVE-2026-43752
was published
Jul 9, 2026
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-56291
was published
Jul 9, 2026
The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions...
Critical
Unreviewed
CVE-2026-15158
was published
Jul 9, 2026
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
Critical
CVE-2026-53649
was published
for
github.com/BishopFox/joro
(Go)
Jul 8, 2026
Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary...
Critical
Unreviewed
CVE-2026-58480
was published
Jul 8, 2026
The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload...
Moderate
Unreviewed
CVE-2026-58654
was published
Jul 8, 2026
The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High
Unreviewed
CVE-2026-14489
was published
Jul 8, 2026
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all...
High
Unreviewed
CVE-2026-14158
was published
Jul 8, 2026
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the...
High
Unreviewed
CVE-2026-23698
was published
Jul 7, 2026
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low...
High
Unreviewed
CVE-2026-23697
was published
Jul 7, 2026
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for...
Critical
Unreviewed
CVE-2026-14345
was published
Jul 7, 2026
ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker...
Moderate
Unreviewed
CVE-2026-9182
was published
Jul 6, 2026
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated...
Critical
Unreviewed
CVE-2024-14037
was published
Jul 2, 2026
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft...
Critical
Unreviewed
CVE-2022-50973
was published
Jul 2, 2026
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to...
Critical
Unreviewed
CVE-2026-5524
was published
Jul 2, 2026
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
Critical
Unreviewed
CVE-2026-27419
was published
Jul 2, 2026
MCO does not correctly validate types of uploaded files. File upload validation functionality...
Moderate
Unreviewed
CVE-2026-53909
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API