GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,543 advisories
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary...
High | Unreviewed | CVE-2017-11756 was published May 17, 2022

A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2...
Critical | Unreviewed | CVE-2017-20021 was published Jun 10, 2022

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that...
High | Unreviewed | CVE-2021-29907 was published May 24, 2022

The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to...
Moderate | Unreviewed | CVE-2015-4463 was published May 17, 2022

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload...
High | Unreviewed | CVE-2022-30820 was published Jun 3, 2022

In Wedding Management System v1.0, the editing function of the "Services" module in the...
High | Unreviewed | CVE-2022-30821 was published Jun 3, 2022

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File...
High | Unreviewed | CVE-2022-30860 was published Jun 7, 2022

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
Critical | Unreviewed | CVE-2017-3108 was published May 17, 2022

The file upload function of Agentflow BPM has insufficient filtering for special characters in...
Critical | Unreviewed | CVE-2022-39036 was published Nov 10, 2022

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture...
High | Unreviewed | CVE-2022-30819 was published Jun 3, 2022

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in...
Critical | Unreviewed | CVE-2022-30423 was published Jun 3, 2022

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to...
High | Unreviewed | CVE-2022-29725 was published Jun 3, 2022

Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
High | Unreviewed | CVE-2022-42189 was published Oct 21, 2022

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental...
Critical | Unreviewed | CVE-2022-32019 was published Jun 3, 2022

NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.
High | Unreviewed | CVE-2021-45982 was published Jun 3, 2022

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
Critical | Unreviewed | CVE-2022-30808 was published Jun 3, 2022

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to...
High | Unreviewed | CVE-2022-29624 was published Jun 3, 2022

RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.
High | Unreviewed | CVE-2021-33615 was published Jun 3, 2022

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload...
High | Unreviewed | CVE-2021-20584 was published May 24, 2022

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file...
Critical | Unreviewed | CVE-2021-24284 was published May 24, 2022

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture...
High | Unreviewed | CVE-2022-30822 was published Jun 3, 2022

Code injection in MCMS
Critical | CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the...
High | Unreviewed | CVE-2022-24581 was published Jun 3, 2022

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability...
Critical | Unreviewed | CVE-2022-24239 was published Jun 3, 2022

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via...
High | Unreviewed | CVE-2022-38323 was published Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API.