GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,060 advisories
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient...
High, Unreviewed. CVE-2023-6219 was published Nov 28, 2023

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated...
High, Unreviewed. CVE-2023-29770 was published Nov 28, 2023

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows...
High, Unreviewed. CVE-2023-41788 was published Nov 23, 2023

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to...
High, Unreviewed. CVE-2023-5822 was published Nov 22, 2023

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to...
High, Unreviewed. CVE-2023-6187 was published Nov 18, 2023

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X...
High, Unreviewed. CVE-2023-39548 was published Nov 17, 2023

Statamic CMS vulnerable to remote code execution via form uploads
High. CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been...
High, Unreviewed. CVE-2023-42659 was published Nov 14, 2023

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote...
High, Unreviewed. CVE-2023-33480 was published Nov 14, 2023

Guest Entries Remote code execution via file uploads
High. CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023

Statamic CMS remote code execution via front-end form uploads
High. CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation...
High, Unreviewed. CVE-2023-41725 was published Nov 3, 2023

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it...
High, Unreviewed. CVE-2023-41357 was published Nov 3, 2023

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High, Unreviewed. CVE-2023-5860 was published Nov 2, 2023

An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary...
High, Unreviewed. CVE-2023-46428 was published Nov 1, 2023

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24...
High, Unreviewed. CVE-2023-1713 was published Nov 1, 2023

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File...
High, Unreviewed. CVE-2023-46815 was published Oct 27, 2023

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code...
High, Unreviewed. CVE-2023-45555 was published Oct 25, 2023

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows...
High, Unreviewed. CVE-2023-26578 was published Oct 25, 2023

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service...
High, Unreviewed. CVE-2023-5524 was published Oct 20, 2023

HCL Compass is vulnerable to lack of file upload security. An attacker could upload files...
High, Unreviewed. CVE-2023-37502 was published Oct 19, 2023

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the...
High, Unreviewed. CVE-2023-46004 was published Oct 18, 2023

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability...
High, Unreviewed. CVE-2023-41631 was published Oct 18, 2023

An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via...
High, Unreviewed. CVE-2023-44824 was published Oct 17, 2023

Unrestricted upload of file with dangerous type vulnerability in create template function in...
High, Unreviewed. CVE-2023-34207 was published Oct 17, 2023