GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,543 advisories
JFinal file validation vulnerability
High | CVE-2019-17352 was published for com.jfinal:jfinal (Maven) | May 25, 2022
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the...
High | Unreviewed | CVE-2022-27478 was published | Apr 22, 2022
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code...
High | Unreviewed | CVE-2022-28440 was published | Apr 22, 2022
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the...
Critical | Unreviewed | CVE-2010-1433 was published | Apr 21, 2022
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5...
Critical | Unreviewed | CVE-2022-27862 was published | Apr 20, 2022
Unrestricted Upload of File with Dangerous Type in Payload
Critical | CVE-2022-27952 was published for payload (npm) | Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS
Critical | CVE-2022-27260 was published for buttercms (npm) | Apr 13, 2022
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This...
Critical | Unreviewed | CVE-2022-1345 was published | Apr 14, 2022
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file,...
High | Unreviewed | CVE-2022-1008 was published | Apr 12, 2022
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ...
Critical | Unreviewed | CVE-2022-27351 was published | Apr 9, 2022
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post...
High | Unreviewed | CVE-2022-27061 was published | Apr 9, 2022
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via...
High | Unreviewed | CVE-2022-27064 was published | Apr 9, 2022
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows...
Critical | Unreviewed | CVE-2022-27262 was published | Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Strapi
Critical | CVE-2022-27263 was published for strapi (npm) | Apr 13, 2022
Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
Moderate | Unreviewed | CVE-2022-1045 was published | Apr 12, 2022
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write...
High | Unreviewed | CVE-2022-26627 was published | Apr 8, 2022
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-27129 was published | Apr 11, 2022
There is an arbitrary file upload vulnerability in the file management function module of...
Critical | Unreviewed | CVE-2022-45966 was published | Dec 22, 2022
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ...
Critical | Unreviewed | CVE-2022-27477 was published | Apr 11, 2022
mogu_blog_cms 5.2 suffers from arbitrary file upload without any limitation.
Critical | Unreviewed | CVE-2022-27047 was published | Apr 9, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ...
Critical | Unreviewed | CVE-2022-27357 was published | Apr 9, 2022
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the...
High | Unreviewed | CVE-2022-0537 was published | Apr 5, 2022
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-27131 was published | Apr 11, 2022
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote...
High | Unreviewed | CVE-2022-27249 was published | Apr 5, 2022