Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,287 advisories

Loading
A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. High Unreviewed
CVE-2021-43098 was published Mar 30, 2022
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows... Critical Unreviewed
CVE-2022-26645 was published Apr 1, 2022
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the... High Unreviewed
CVE-2022-0403 was published Apr 5, 2022
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component... High Unreviewed
CVE-2022-28062 was published Apr 5, 2022
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *... Critical Unreviewed
CVE-2021-28428 was published Apr 6, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type... Critical Unreviewed
CVE-2022-24136 was published Apr 1, 2022
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via ... High Unreviewed
CVE-2022-26630 was published Apr 6, 2022
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed... High Unreviewed
CVE-2020-28062 was published Apr 5, 2022
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an... High Unreviewed
CVE-2021-32961 was published Apr 3, 2022
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0... High Unreviewed
CVE-2022-27435 was published Apr 5, 2022
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload... High Unreviewed
CVE-2022-26605 was published Apr 7, 2022
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver... High Unreviewed
CVE-2021-43430 was published Apr 8, 2022
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via... High Unreviewed
CVE-2022-27349 was published Apr 9, 2022
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin... High Unreviewed
CVE-2021-46367 was published Apr 9, 2022
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the... High Unreviewed
CVE-2022-26619 was published Apr 6, 2022
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability... High Unreviewed
CVE-2022-27352 was published Apr 9, 2022
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via ... High Unreviewed
CVE-2022-27346 was published Apr 9, 2022
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow... High Unreviewed
CVE-2022-26607 was published Apr 7, 2022
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the... High Unreviewed
CVE-2022-0537 was published Apr 5, 2022
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote... High Unreviewed
CVE-2022-27249 was published Apr 5, 2022
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27131 was published Apr 11, 2022
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ... Critical Unreviewed
CVE-2022-27477 was published Apr 11, 2022
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. Critical Unreviewed
CVE-2022-27047 was published Apr 9, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ... Critical Unreviewed
CVE-2022-27357 was published Apr 9, 2022
ProTip! Advisories are also available from the GraphQL API