GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,246 advisories
Filter by severity
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2020-15645
was published
May 24, 2022
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and...
High
Unreviewed
CVE-2022-42287
was published
Jan 13, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal...
High
Unreviewed
CVE-2019-13359
was published
May 24, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical
Unreviewed
CVE-2022-24651
was published
Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical
Unreviewed
CVE-2022-24652
was published
Mar 11, 2022
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ...
High
Unreviewed
CVE-2021-43970
was published
Mar 11, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin...
Critical
Unreviewed
CVE-2022-25487
was published
Mar 16, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to...
Critical
Unreviewed
CVE-2022-25495
was published
Mar 16, 2022
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows...
Critical
Unreviewed
CVE-2021-45040
was published
Mar 18, 2022
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings...
High
Unreviewed
CVE-2022-25602
was published
Mar 19, 2022
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via...
Critical
Unreviewed
CVE-2021-45834
was published
Mar 19, 2022
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action...
High
Unreviewed
CVE-2022-26965
was published
Mar 19, 2022
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of...
Critical
Unreviewed
CVE-2021-45835
was published
Mar 19, 2022
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows...
High
Unreviewed
CVE-2020-26007
was published
Mar 22, 2022
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is...
High
Unreviewed
CVE-2022-0687
was published
Mar 22, 2022
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2...
Critical
Unreviewed
CVE-2022-23880
was published
Mar 24, 2022
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload....
High
Unreviewed
CVE-2022-25581
was published
Mar 20, 2022
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0...
High
Unreviewed
CVE-2020-26008
was published
Mar 22, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
High
Unreviewed
CVE-2022-23346
was published
Mar 22, 2022
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component...
Critical
Unreviewed
CVE-2021-39384
was published
Mar 22, 2022
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup...
Critical
Unreviewed
CVE-2021-27428
was published
Mar 24, 2022
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7...
Critical
Unreviewed
CVE-2022-22952
was published
Mar 24, 2022
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior...
High
Unreviewed
CVE-2022-1033
was published
Mar 24, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated...
Critical
Unreviewed
CVE-2022-26871
was published
Mar 30, 2022
A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType...
High
Unreviewed
CVE-2021-43101
was published
Mar 30, 2022
ProTip!
Advisories are also available from the
GraphQL API