Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,457 advisories

Loading
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings... High Unreviewed
CVE-2022-25602 was published Mar 19, 2022
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via... Critical Unreviewed
CVE-2021-45834 was published Mar 19, 2022
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action... High Unreviewed
CVE-2022-26965 was published Mar 19, 2022
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows... High Unreviewed
CVE-2020-26007 was published Mar 22, 2022
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of... Critical Unreviewed
CVE-2021-45835 was published Mar 19, 2022
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is... High Unreviewed
CVE-2022-0687 was published Mar 22, 2022
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2... Critical Unreviewed
CVE-2022-23880 was published Mar 24, 2022
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload.... High Unreviewed
CVE-2022-25581 was published Mar 20, 2022
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0... High Unreviewed
CVE-2020-26008 was published Mar 22, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. High Unreviewed
CVE-2022-23346 was published Mar 22, 2022
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component... Critical Unreviewed
CVE-2021-39384 was published Mar 22, 2022
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior... High Unreviewed
CVE-2022-1033 was published Mar 24, 2022
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup... Critical Unreviewed
CVE-2021-27428 was published Mar 24, 2022
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7... Critical Unreviewed
CVE-2022-22952 was published Mar 24, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType... High Unreviewed
CVE-2021-43101 was published Mar 30, 2022
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to... High Unreviewed
CVE-2022-28223 was published Mar 31, 2022
A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function... High Unreviewed
CVE-2021-43103 was published Mar 30, 2022
A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function... High Unreviewed
CVE-2021-43100 was published Mar 30, 2022
A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function,... High Unreviewed
CVE-2021-43102 was published Mar 30, 2022
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload... High Unreviewed
CVE-2022-23155 was published Apr 2, 2022
A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via... Critical Unreviewed
CVE-2021-45865 was published Mar 30, 2022
A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. High Unreviewed
CVE-2021-43098 was published Mar 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database