Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,051
Maven
5,000+
npm
4,791
NuGet
825
pip
4,389
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,426 advisories

Loading
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. High Unreviewed
CVE-2021-45982 was published Jun 3, 2022
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental... Critical Unreviewed
CVE-2022-32019 was published Jun 3, 2022
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. High Unreviewed
CVE-2022-42189 was published Oct 21, 2022
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to... High Unreviewed
CVE-2022-29725 was published Jun 3, 2022
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in... Critical Unreviewed
CVE-2022-30423 was published Jun 3, 2022
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture... High Unreviewed
CVE-2022-30819 was published Jun 3, 2022
The file upload function of Agentflow BPM has insufficient filtering for special characters in... Critical Unreviewed
CVE-2022-39036 was published Nov 10, 2022
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. Critical Unreviewed
CVE-2017-3108 was published May 17, 2022
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File... High Unreviewed
CVE-2022-30860 was published Jun 7, 2022
In Wedding Management System v1.0, the editing function of the "Services" module in the... High Unreviewed
CVE-2022-30821 was published Jun 3, 2022
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload... High Unreviewed
CVE-2022-30820 was published Jun 3, 2022
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2015-4463 was published May 17, 2022
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that... High Unreviewed
CVE-2021-29907 was published May 24, 2022
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2... Critical Unreviewed
CVE-2017-20021 was published Jun 10, 2022
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary... High Unreviewed
CVE-2017-11756 was published May 17, 2022
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5... Moderate Unreviewed
CVE-2015-4462 was published May 17, 2022
Unrestricted Attachment Upload High
CVE-2022-2111 was published for inventree (pip) Jun 17, 2022
saharshtapi Credited to saharshtapi
Unrestricted Upload of File with Dangerous Type in Elefant CMS High
CVE-2017-20063 was published for elefant/cms (Composer) Jun 21, 2022
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon... High Unreviewed
CVE-2022-0863 was published Jun 14, 2022
itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via... High Unreviewed
CVE-2022-32433 was published Jun 16, 2022
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in... High Unreviewed
CVE-2017-11466 was published May 17, 2022
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated... High Unreviewed
CVE-2013-1916 was published Jun 25, 2022
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker... Critical Unreviewed
CVE-2021-40954 was published Jun 24, 2022
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-42043 was published Oct 12, 2022
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code... Critical Unreviewed
CVE-2022-42040 was published Oct 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database