GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist
Low
CVE-2026-55778
was published
for
parse-server
(npm)
Jun 19, 2026
parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist
Low
CVE-2026-53724
was published
for
parse-server
(npm)
Jun 19, 2026
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Low
CVE-2026-33221
was published
for
github.com/nhost/nhost
(Go)
Mar 18, 2026
Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)
Low
CVE-2025-70849
was published
for
github.com/stefanprodan/podinfo
(Go)
Feb 3, 2026
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import
Low
GHSA-7jp2-5h22-m432
was published
for
auth0/symfony
(Composer)
Oct 1, 2025
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import
Low
GHSA-w22c-pw5m-482x
was published
for
auth0/wordpress
(Composer)
Oct 1, 2025
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import
Low
GHSA-hjfh-5jmm-xr24
was published
for
auth0/login
(Composer)
Oct 1, 2025
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import
Low
CVE-2025-58769
was published
for
auth0/auth0-php
(Composer)
Oct 1, 2025
October CMS Allows Unprotected SVG Rename in Media Manager
Low
CVE-2024-51991
was published
for
october/october
(Composer)
May 5, 2025
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024
•
withdrawn
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Jenkins temporary uploaded file created with insecure permissions
Low
CVE-2023-43497
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Low
CVE-2022-2872
was published
for
OctoPrint
(pip)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API