Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

869 advisories

Loading
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24651 was published Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24652 was published Mar 11, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to... Critical Unreviewed
CVE-2022-25495 was published Mar 16, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin... Critical Unreviewed
CVE-2022-25487 was published Mar 16, 2022
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows... Critical Unreviewed
CVE-2021-45040 was published Mar 18, 2022
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via... Critical Unreviewed
CVE-2021-45834 was published Mar 19, 2022
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of... Critical Unreviewed
CVE-2021-45835 was published Mar 19, 2022
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2... Critical Unreviewed
CVE-2022-23880 was published Mar 24, 2022
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component... Critical Unreviewed
CVE-2021-39384 was published Mar 22, 2022
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup... Critical Unreviewed
CVE-2021-27428 was published Mar 24, 2022
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7... Critical Unreviewed
CVE-2022-22952 was published Mar 24, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via... Critical Unreviewed
CVE-2021-45865 was published Mar 30, 2022
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows... Critical Unreviewed
CVE-2022-26645 was published Apr 1, 2022
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *... Critical Unreviewed
CVE-2021-28428 was published Apr 6, 2022
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type... Critical Unreviewed
CVE-2022-24136 was published Apr 1, 2022
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27131 was published Apr 11, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ... Critical Unreviewed
CVE-2022-27357 was published Apr 9, 2022
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. Critical Unreviewed
CVE-2022-27047 was published Apr 9, 2022
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ... Critical Unreviewed
CVE-2022-27477 was published Apr 11, 2022
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27129 was published Apr 11, 2022
here is an arbitrary file upload vulnerability in the file management function module of... Critical Unreviewed
CVE-2022-45966 was published Dec 22, 2022
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows... Critical Unreviewed
CVE-2022-27262 was published Apr 13, 2022
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ... Critical Unreviewed
CVE-2022-27351 was published Apr 9, 2022
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This... Critical Unreviewed
CVE-2022-1345 was published Apr 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database