GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,444

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,218 advisories

Filter by severity

Sort by

Least recently updated

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed

CVE-2020-15645 was published May 24, 2022

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and... High Unreviewed

CVE-2022-42287 was published Jan 13, 2023

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal... High Unreviewed

CVE-2019-13359 was published May 24, 2022

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed

CVE-2022-24651 was published Mar 11, 2022

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ... High Unreviewed

CVE-2021-43970 was published Mar 11, 2022

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed

CVE-2022-24652 was published Mar 11, 2022

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to... Critical Unreviewed

CVE-2022-25495 was published Mar 16, 2022

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin... Critical Unreviewed

CVE-2022-25487 was published Mar 16, 2022

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows... Critical Unreviewed

CVE-2021-45040 was published Mar 18, 2022

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings... High Unreviewed

CVE-2022-25602 was published Mar 19, 2022

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via... Critical Unreviewed

CVE-2021-45834 was published Mar 19, 2022

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action... High Unreviewed

CVE-2022-26965 was published Mar 19, 2022

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows... High Unreviewed

CVE-2020-26007 was published Mar 22, 2022

The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of... Critical Unreviewed

CVE-2021-45835 was published Mar 19, 2022

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is... High Unreviewed

CVE-2022-0687 was published Mar 22, 2022

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2... Critical Unreviewed

CVE-2022-23880 was published Mar 24, 2022

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload.... High Unreviewed

CVE-2022-25581 was published Mar 20, 2022

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0... High Unreviewed

CVE-2020-26008 was published Mar 22, 2022

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. High Unreviewed

CVE-2022-23346 was published Mar 22, 2022

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component... Critical Unreviewed

CVE-2021-39384 was published Mar 22, 2022

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior... High Unreviewed

CVE-2022-1033 was published Mar 24, 2022

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup... Critical Unreviewed

CVE-2021-27428 was published Mar 24, 2022

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7... Critical Unreviewed

CVE-2022-22952 was published Mar 24, 2022

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed

CVE-2022-26871 was published Mar 30, 2022

A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType... High Unreviewed

CVE-2021-43101 was published Mar 30, 2022

Previous 1 2 3 4 5 … 88 89 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,218 advisories