GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,279
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,740
NuGet: 668
pip: 3,421
Pub: 12
RubyGems: 891
Rust: 873
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
892 advisories
CVE-2018-15882 (Critical, Unreviewed, published May 14, 2022): An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class...
CVE-2015-9263 (Critical, Unreviewed, published May 14, 2022): An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0...
CVE-2014-10074 (Critical, Unreviewed, published May 14, 2022): Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config...
CVE-2018-16287 (Critical, Unreviewed, published May 14, 2022): LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16370 (Critical, Unreviewed, published May 14, 2022): In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team...
CVE-2018-17440 (Critical, Unreviewed, published May 14, 2022): An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an...
CVE-2018-17573 (Critical, Unreviewed, published May 14, 2022): The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of...
CVE-2015-9271 (Critical, Unreviewed, published May 14, 2022): The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows...
CVE-2018-18752 (Critical, Unreviewed, published May 14, 2022): Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the...
CVE-2018-9208 (Critical, Unreviewed, published May 14, 2022): Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
CVE-2018-18874 (Critical, Unreviewed, published May 14, 2022): nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload...
CVE-2018-19126 (Critical, Unreviewed, published May 14, 2022): PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute...
CVE-2018-0645 (Critical, Unreviewed, published May 14, 2022): MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.
CVE-2018-18793 (Critical, Unreviewed, published May 14, 2022): School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action...
CVE-2018-19692 (Critical, Unreviewed, published May 14, 2022): An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote...
CVE-2018-18888 (Critical, Unreviewed, published May 14, 2022): An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend...
CVE-2018-6152 (Critical, Unreviewed, published May 14, 2022): The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files...
CVE-2018-7836 (Critical, Unreviewed, published May 14, 2022): An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of...
CVE-2018-5204 (Critical, Unreviewed, published May 14, 2022): ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could...
CVE-2019-0259 (Critical, Unreviewed, published May 14, 2022): SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any...
CVE-2019-7684 (Critical, Unreviewed, published May 14, 2022): inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file...
CVE-2019-9623 (Critical, Unreviewed, published May 14, 2022): Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a ...
CVE-2019-9825 (Critical, Unreviewed, published May 14, 2022): FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting...
CVE-2018-19514 (Critical, Unreviewed, published May 14, 2022): In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely...
CVE-2018-20526 (Critical, Unreviewed, published May 14, 2022): Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
ProTip! Advisories are also available from the GraphQL API.