GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
1,084 advisories

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload...
High | Unreviewed | CVE-2022-26605 was published Apr 7, 2022

An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver...
High | Unreviewed | CVE-2021-43430 was published Apr 8, 2022

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write...
High | Unreviewed | CVE-2022-26627 was published Apr 8, 2022

Infinite loop in .Net Bond
High | CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin...
High | Unreviewed | CVE-2021-46367 was published Apr 9, 2022

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via ...
High | Unreviewed | CVE-2022-27346 was published Apr 9, 2022

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post...
High | Unreviewed | CVE-2022-27061 was published Apr 9, 2022

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability...
High | Unreviewed | CVE-2022-27352 was published Apr 9, 2022

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via...
High | Unreviewed | CVE-2022-27349 was published Apr 9, 2022

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via...
High | Unreviewed | CVE-2022-27064 was published Apr 9, 2022

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file,...
High | Unreviewed | CVE-2022-1008 was published Apr 12, 2022

Express-FileUpload Arbitrary File Overwrite
High | CVE-2022-27261 was published for express-fileupload (npm) Apr 13, 2022

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of...
High | Unreviewed | CVE-2022-1329 was published Apr 20, 2022

TYPO3 Arbitrary Code Execution vulnerability on the backend
High | CVE-2010-3663 was published for typo3/cms-backend (Composer) Apr 21, 2022

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code...
High | Unreviewed | CVE-2022-28440 was published Apr 22, 2022

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the...
High | Unreviewed | CVE-2022-27478 was published Apr 22, 2022

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP...
High | Unreviewed | CVE-2022-27925 was published Apr 22, 2022

Unrestricted Upload of File with Dangerous Type in Apache Struts2
High | CVE-2012-1592 was published for org.apache.struts:struts2-core (Maven) Apr 23, 2022

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files...
High | Unreviewed | CVE-2022-22392 was published Apr 26, 2022

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not...
High | Unreviewed | CVE-2021-39040 was published Apr 26, 2022

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users,...
High | Unreviewed | CVE-2021-4225 was published Apr 26, 2022

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior...
High | Unreviewed | CVE-2021-25094 was published Apr 26, 2022

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload...
High | Unreviewed | CVE-2022-28053 was published Apr 26, 2022

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin...
High | Unreviewed | CVE-2022-28525 was published Apr 27, 2022

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin...
High | Unreviewed | CVE-2022-28528 was published Apr 27, 2022

ProTip! Advisories are also available from the GraphQL API.