Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

892 advisories

Loading
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow... Critical Unreviewed
CVE-2022-24984 was published Feb 17, 2022
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary... Critical Unreviewed
CVE-2022-23390 was published Feb 15, 2022
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead... Critical Unreviewed
CVE-2021-22803 was published Feb 12, 2022
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows... Critical Unreviewed
CVE-2022-23329 was published Feb 10, 2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1... Critical Unreviewed
CVE-2021-46428 was published Jan 28, 2022
In ForestBlog, as of 2021-12-28, File upload can bypass verification. Critical Unreviewed
CVE-2021-46033 was published Jan 26, 2022
SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows... Critical Unreviewed
CVE-2021-38697 was published Jan 19, 2022
An unrestricted file upload vulnerability exists in Sourcecodester Free school management... Critical Unreviewed
CVE-2021-46013 was published Jan 19, 2022
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database... Critical Unreviewed
CVE-2021-45411 was published Jan 13, 2022
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles... Critical Unreviewed
CVE-2021-44031 was published Dec 23, 2021
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker... Critical Unreviewed
CVE-2021-44159 was published Dec 21, 2021
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special... Critical Unreviewed
CVE-2021-44164 was published Dec 21, 2021
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an... Critical Unreviewed
CVE-2021-41560 was published Dec 16, 2021
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Critical Unreviewed
CVE-2021-40883 was published Dec 15, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution... Critical Unreviewed
CVE-2021-43117 was published Dec 14, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI... Critical Unreviewed
CVE-2021-43936 was published Dec 7, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Critical Unreviewed
CVE-2021-42099 was published Dec 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database