Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

982 advisories

Loading
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute... Critical Unreviewed
CVE-2022-28927 was published May 20, 2022
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. Critical Unreviewed
CVE-2022-28104 was published May 21, 2022
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2022-30887 was published May 21, 2022
Linear eMerge E3-Series devices allow Unrestricted File Upload. Critical Unreviewed
CVE-2019-7257 was published May 24, 2022
Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Critical Unreviewed
CVE-2022-35150 was published Aug 23, 2022
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen... Critical Unreviewed
CVE-2022-43265 was published Nov 16, 2022
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to... Critical Unreviewed
CVE-2022-40981 was published Nov 11, 2022
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component ... Critical Unreviewed
CVE-2022-43074 was published Nov 11, 2022
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate... Critical Unreviewed
CVE-2022-4047 was published Dec 26, 2022
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video... Critical Unreviewed
CVE-2022-45896 was published Dec 25, 2022
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets... Critical Unreviewed
CVE-2015-3884 was published May 17, 2022
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Critical Unreviewed
CVE-2015-1000000 was published May 17, 2022
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component ... Critical Unreviewed
CVE-2022-40050 was published Sep 27, 2022
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote... Critical Unreviewed
CVE-2016-5050 was published May 17, 2022
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to... Critical Unreviewed
CVE-2022-34613 was published Aug 3, 2022
Arbitrary file upload vulnerability in php uploader Critical Unreviewed
CVE-2022-40721 was published Oct 4, 2022
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the... Critical Unreviewed
CVE-2022-34496 was published Jul 30, 2022
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified... Critical Unreviewed
CVE-2022-2746 was published Aug 12, 2022
A vulnerability was found in SourceCodester Company Website CMS and classified as critical.... Critical Unreviewed
CVE-2022-2751 was published Aug 12, 2022
A vulnerability, which was classified as critical, has been found in SourceCodester Gym... Critical Unreviewed
CVE-2022-2744 was published Aug 12, 2022
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin Critical Unreviewed
CVE-2015-1000001 was published May 17, 2022
A vulnerability, which was classified as critical, was found in SourceCodester Company Website... Critical Unreviewed
CVE-2022-2750 was published Aug 12, 2022
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical... Critical Unreviewed
CVE-2022-2740 was published Aug 12, 2022
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL... Critical Unreviewed
CVE-2022-28369 was published Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database