Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,059 advisories

Loading
A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType... High Unreviewed
CVE-2021-43101 was published Mar 30, 2022
A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function... High Unreviewed
CVE-2021-43103 was published Mar 30, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not... High Unreviewed
CVE-2021-40905 was published Mar 27, 2022
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior... High Unreviewed
CVE-2022-1033 was published Mar 24, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows... High Unreviewed
CVE-2020-26007 was published Mar 22, 2022
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0... High Unreviewed
CVE-2020-26008 was published Mar 22, 2022
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is... High Unreviewed
CVE-2022-0687 was published Mar 22, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. High Unreviewed
CVE-2022-23346 was published Mar 22, 2022
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload.... High Unreviewed
CVE-2022-25581 was published Mar 20, 2022
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action... High Unreviewed
CVE-2022-26965 was published Mar 19, 2022
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings... High Unreviewed
CVE-2022-25602 was published Mar 19, 2022
With administrator or admin privileges the application can be tricked into overwriting files in... High Unreviewed
CVE-2022-24387 was published Mar 15, 2022
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ... High Unreviewed
CVE-2021-43970 was published Mar 11, 2022
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by... High Unreviewed
CVE-2022-26521 was published Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in Croogo High
CVE-2021-44673 was published for croogo/croogo (Composer) Mar 11, 2022
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'... High Unreviewed
CVE-2021-24216 was published Mar 8, 2022
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to... High Unreviewed
CVE-2022-0440 was published Mar 8, 2022
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user... High Unreviewed
CVE-2022-25115 was published Mar 4, 2022
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed
CVE-2022-24251 was published Mar 3, 2022
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed
CVE-2022-24253 was published Mar 3, 2022
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis... High Unreviewed
CVE-2022-24252 was published Mar 3, 2022
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis... High Unreviewed
CVE-2022-24254 was published Mar 3, 2022
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability... High Unreviewed
CVE-2022-23906 was published Mar 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database