Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,066
Maven
5,000+
npm
4,947
NuGet
825
pip
4,403
Pub
12
RubyGems
988
Rust
1,151
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,432 advisories

Loading
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special... Critical Unreviewed
CVE-2021-44164 was published Dec 21, 2021
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker... Critical Unreviewed
CVE-2021-44159 was published Dec 21, 2021
The "Log alert to a file" action within action management enables any Orion Platform user with... High Unreviewed
CVE-2021-35244 was published Dec 21, 2021
Code injection in plupload Moderate
CVE-2021-23562 was published for plupload (npm) Dec 16, 2021
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An... High Unreviewed
CVE-2021-41870 was published Dec 16, 2021
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an... Critical Unreviewed
CVE-2021-41560 was published Dec 16, 2021
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Critical Unreviewed
CVE-2021-40883 was published Dec 15, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution... Critical Unreviewed
CVE-2021-43117 was published Dec 14, 2021
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading... High Unreviewed
CVE-2021-27984 was published Dec 11, 2021
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior... High Unreviewed
CVE-2021-27860 was published Dec 9, 2021
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The... High Unreviewed
CVE-2021-36719 was published Dec 9, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report... High Unreviewed
CVE-2021-21957 was published Dec 9, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42125 was published Dec 8, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI... Critical Unreviewed
CVE-2021-43936 was published Dec 7, 2021
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute... High Unreviewed
CVE-2020-29176 was published Dec 4, 2021
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s... High Unreviewed
CVE-2021-42123 was published Dec 1, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Critical Unreviewed
CVE-2021-42099 was published Dec 1, 2021
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could... High Unreviewed
CVE-2021-44094 was published Nov 29, 2021
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content. Moderate
CVE-2021-43617 was published for laravel/framework (Composer) Nov 16, 2021 withdrawn
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-3915 was published for ssddanbrown/bookstack (Composer) Nov 15, 2021
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607 Credited to tdunlap607
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. High
CVE-2021-40324 was published for cobbler (pip) Oct 5, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database