GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,427 advisories
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload...
High | Unreviewed | CVE-2022-28053 was published Apr 26, 2022

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
Critical | Unreviewed | CVE-2022-44354 was published Nov 29, 2022

Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on...
High | Unreviewed | CVE-2022-38140 was published Nov 28, 2022

XStream is vulnerable to an Arbitrary Code Execution attack
High | CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
High | CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows...
Moderate | Unreviewed | CVE-2020-5844 was published May 24, 2022

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could...
High | Unreviewed | CVE-2020-8599 was published May 24, 2022

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior...
High | Unreviewed | CVE-2021-25094 was published Apr 26, 2022

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists...
High | Unreviewed | CVE-2022-37140 was published Sep 15, 2022

Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
High | CVE-2019-16530 was published for org.sonatype.nexus:nexus-repository (Maven) May 24, 2022

Insecure File Permissions and Arbitrary File Upload in the upload pic function in...
High | Unreviewed | CVE-2020-24203 was published May 24, 2022

XStream is vulnerable to an Arbitrary Code Execution attack
High | CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary...
High | Unreviewed | CVE-2021-44426 was published Sep 13, 2022

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo...
Critical | Unreviewed | CVE-2022-29632 was published May 27, 2022

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact...
Moderate | Unreviewed | CVE-2020-29450 was published May 24, 2022

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL...
High | Unreviewed | CVE-2022-23050 was published May 25, 2022

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of...
High | Unreviewed | CVE-2022-36667 was published Sep 15, 2022

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable...
High | Unreviewed | CVE-2020-26806 was published May 24, 2022

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via...
High | Unreviewed | CVE-2022-38323 was published Sep 16, 2022

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability...
Critical | Unreviewed | CVE-2022-24239 was published Jun 3, 2022

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the...
High | Unreviewed | CVE-2022-24581 was published Jun 3, 2022

Code injection in MCMS
Critical | CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture...
High | Unreviewed | CVE-2022-30822 was published Jun 3, 2022

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file...
Critical | Unreviewed | CVE-2021-24284 was published May 24, 2022

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload...
High | Unreviewed | CVE-2021-20584 was published May 24, 2022