GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,080
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,412
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
3,629 advisories
parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist
Low: CVE-2026-55778 was published for parse-server (npm), Jun 19, 2026
parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist
Low: CVE-2026-53724 was published for parse-server (npm), Jun 19, 2026
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows...
High (Unreviewed): CVE-2019-25758 was published Jun 19, 2026
DotVVM: Unrestricted file upload
Moderate: GHSA-2rm3-333w-xvc4 was published for DotVVM (NuGet), Jun 19, 2026
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote...
High (Unreviewed): CVE-2026-9860 was published Jun 18, 2026
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Critical (Unreviewed): CVE-2026-52705 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Critical (Unreviewed): CVE-2026-40747 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Critical (Unreviewed): CVE-2026-40749 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Critical (Unreviewed): CVE-2026-40746 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Critical (Unreviewed): CVE-2026-40748 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Critical (Unreviewed): CVE-2026-39589 was published Jun 17, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro...
High (Unreviewed): CVE-2026-39598 was published Jun 17, 2026
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Critical (Unreviewed): CVE-2026-25446 was published Jun 17, 2026
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Critical (Unreviewed): CVE-2026-27041 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
Critical (Unreviewed): CVE-2026-22327 was published Jun 17, 2026
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from...
Critical (Unreviewed): CVE-2025-69129 was published Jun 17, 2026
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Critical (Unreviewed): CVE-2024-52488 was published Jun 17, 2026
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Critical (Unreviewed): CVE-2025-60218 was published Jun 17, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store...
Critical (Unreviewed): CVE-2026-40750 was published Jun 16, 2026
The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing...
High (Unreviewed): CVE-2026-6933 was published Jun 16, 2026
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Critical (Unreviewed): CVE-2026-40772 was published Jun 15, 2026
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
Moderate (Unreviewed): CVE-2026-39527 was published Jun 15, 2026
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Critical (Unreviewed): CVE-2026-39591 was published Jun 15, 2026
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4...
Critical (Unreviewed): CVE-2026-50873 was published Jun 15, 2026
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload...
Critical (Unreviewed): CVE-2018-25436 was published Jun 15, 2026
ProTip! Advisories are also available from the GraphQL API.