Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,645 advisories

Loading
A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function... High Unreviewed
CVE-2021-43103 was published Mar 30, 2022
A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function... High Unreviewed
CVE-2021-43100 was published Mar 30, 2022
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to... High Unreviewed
CVE-2022-28223 was published Mar 31, 2022
A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType... High Unreviewed
CVE-2021-43101 was published Mar 30, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup... Critical Unreviewed
CVE-2021-27428 was published Mar 24, 2022
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7... Critical Unreviewed
CVE-2022-22952 was published Mar 24, 2022
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior... High Unreviewed
CVE-2022-1033 was published Mar 24, 2022
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component... Critical Unreviewed
CVE-2021-39384 was published Mar 22, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. High Unreviewed
CVE-2022-23346 was published Mar 22, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0... High Unreviewed
CVE-2020-26008 was published Mar 22, 2022
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload.... High Unreviewed
CVE-2022-25581 was published Mar 20, 2022
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2... Critical Unreviewed
CVE-2022-23880 was published Mar 24, 2022
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is... High Unreviewed
CVE-2022-0687 was published Mar 22, 2022
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action... High Unreviewed
CVE-2022-26965 was published Mar 19, 2022
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of... Critical Unreviewed
CVE-2021-45835 was published Mar 19, 2022
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows... High Unreviewed
CVE-2020-26007 was published Mar 22, 2022
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via... Critical Unreviewed
CVE-2021-45834 was published Mar 19, 2022
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings... High Unreviewed
CVE-2022-25602 was published Mar 19, 2022
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows... Critical Unreviewed
CVE-2021-45040 was published Mar 18, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin... Critical Unreviewed
CVE-2022-25487 was published Mar 16, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to... Critical Unreviewed
CVE-2022-25495 was published Mar 16, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc Moderate
CVE-2022-0951 was published for showdoc/showdoc (Composer) Mar 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database