GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,418 advisories
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability...
Critical, Unreviewed. CVE-2022-24239 was published Jun 3, 2022

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the...
High, Unreviewed. CVE-2022-24581 was published Jun 3, 2022

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via...
High, Unreviewed. CVE-2022-38323 was published Sep 16, 2022

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable...
High, Unreviewed. CVE-2020-26806 was published May 24, 2022

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of...
High, Unreviewed. CVE-2022-36667 was published Sep 15, 2022

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL...
High, Unreviewed. CVE-2022-23050 was published May 25, 2022

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact...
Moderate, Unreviewed. CVE-2020-29450 was published May 24, 2022

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo...
Critical, Unreviewed. CVE-2022-29632 was published May 27, 2022

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary...
High, Unreviewed. CVE-2021-44426 was published Sep 13, 2022

XStream is vulnerable to an Arbitrary Code Execution attack
High. CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

Insecure File Permissions and Arbitrary File Upload in the upload pic function in...
High, Unreviewed. CVE-2020-24203 was published May 24, 2022

Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
High. CVE-2019-16530 was published for org.sonatype.nexus:nexus-repository (Maven) May 24, 2022

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists...
High, Unreviewed. CVE-2022-37140 was published Sep 15, 2022

XStream is vulnerable to an Arbitrary Code Execution attack
High. CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
High. CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows...
Moderate, Unreviewed. CVE-2020-5844 was published May 24, 2022

Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on...
High, Unreviewed. CVE-2022-38140 was published Nov 28, 2022

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
Critical, Unreviewed. CVE-2022-44354 was published Nov 29, 2022

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload...
High, Unreviewed. CVE-2022-28053 was published Apr 26, 2022

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users,...
High, Unreviewed. CVE-2021-4225 was published Apr 26, 2022

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE)...
Critical, Unreviewed. CVE-2022-28021 was published Apr 22, 2022

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files...
High, Unreviewed. CVE-2022-22392 was published Apr 26, 2022

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not...
High, Unreviewed. CVE-2021-39040 was published Apr 26, 2022

Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote...
Critical, Unreviewed. CVE-2019-7669 was published May 24, 2022

Arbitrary file upload in ShopXO
High. CVE-2021-41938 was published for shopxo/shopxo (Composer) May 20, 2022