GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,457 advisories
Filter by severity
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged...
High
Unreviewed
CVE-2022-25360
was published
Feb 25, 2022
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in...
High
Unreviewed
CVE-2021-44664
was published
Feb 25, 2022
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function...
Critical
Unreviewed
CVE-2022-24553
was published
Feb 22, 2022
Unrestricted Upload of File with Dangerous Type in showdoc
High
CVE-2022-0409
was published
for
showdoc/showdoc
(Composer)
Feb 20, 2022
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can...
High
Unreviewed
CVE-2022-23375
was published
Feb 20, 2022
File upload leading to RCE in MCMS
Critical
CVE-2021-46036
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 19, 2022
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow...
Critical
Unreviewed
CVE-2022-24984
was published
Feb 17, 2022
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary...
Critical
Unreviewed
CVE-2022-23390
was published
Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead...
Critical
Unreviewed
CVE-2021-22803
was published
Feb 12, 2022
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in...
High
Unreviewed
CVE-2022-23048
was published
Feb 11, 2022
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
Unrestricted Uploads in Concrete5
Moderate
CVE-2020-14961
was published
for
concrete5/concrete5
(Composer)
Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
Moderate
CVE-2020-15839
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 10, 2022
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent...
High
Unreviewed
CVE-2022-24262
was published
Feb 10, 2022
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows...
Critical
Unreviewed
CVE-2022-23329
was published
Feb 10, 2022
update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP...
High
Unreviewed
CVE-2022-24676
was published
Feb 10, 2022
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote...
High
Unreviewed
CVE-2021-46360
was published
Feb 10, 2022
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)...
High
Unreviewed
CVE-2021-37194
was published
Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Moderate
CVE-2022-0472
was published
for
jsdecena/laracom
(Composer)
Feb 6, 2022
Unrestricted Upload of File with Dangerous Type in motionEye
High
CVE-2021-44255
was published
for
motioneye
(pip)
Feb 1, 2022
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php...
High
Unreviewed
CVE-2021-46097
was published
Jan 28, 2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1...
Critical
Unreviewed
CVE-2021-46428
was published
Jan 28, 2022
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,...
High
Unreviewed
CVE-2021-44123
was published
Jan 27, 2022
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The...
High
Unreviewed
CVE-2021-46115
was published
Jan 27, 2022
ProTip!
Advisories are also available from the
GraphQL API