GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,062 advisories
Filter by severity
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis...
High
Unreviewed
CVE-2022-24254
was published
Mar 3, 2022
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis...
High
Unreviewed
CVE-2022-24252
was published
Mar 3, 2022
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability...
High
Unreviewed
CVE-2022-23906
was published
Mar 2, 2022
Unrestricted Upload of File with Dangerous Type in MODX Revolution
High
CVE-2022-26149
was published
for
modx/revolution
(Composer)
Feb 27, 2022
File upload restriction bypass in Zenario CMS
High
CVE-2022-23043
was published
for
tribalsystems/zenario
(Composer)
Feb 25, 2022
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install...
High
Unreviewed
CVE-2021-44967
was published
Feb 25, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged...
High
Unreviewed
CVE-2022-25360
was published
Feb 25, 2022
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in...
High
Unreviewed
CVE-2021-44664
was published
Feb 25, 2022
Unrestricted Upload of File with Dangerous Type in showdoc
High
CVE-2022-0409
was published
for
showdoc/showdoc
(Composer)
Feb 20, 2022
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can...
High
Unreviewed
CVE-2022-23375
was published
Feb 20, 2022
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in...
High
Unreviewed
CVE-2022-23048
was published
Feb 11, 2022
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent...
High
Unreviewed
CVE-2022-24262
was published
Feb 10, 2022
update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP...
High
Unreviewed
CVE-2022-24676
was published
Feb 10, 2022
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote...
High
Unreviewed
CVE-2021-46360
was published
Feb 10, 2022
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)...
High
Unreviewed
CVE-2021-37194
was published
Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in motionEye
High
CVE-2021-44255
was published
for
motioneye
(pip)
Feb 1, 2022
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php...
High
Unreviewed
CVE-2021-46097
was published
Jan 28, 2022
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,...
High
Unreviewed
CVE-2021-44123
was published
Jan 27, 2022
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The...
High
Unreviewed
CVE-2021-46115
was published
Jan 27, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController...
High
Unreviewed
CVE-2021-46116
was published
Jan 27, 2022
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution...
High
Unreviewed
CVE-2021-46113
was published
Jan 26, 2022
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-4080
was published
for
bytefury/crater
(Composer)
Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in Crater
High
CVE-2022-0242
was published
for
bytefury/crater
(Composer)
Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in pimcore
High
CVE-2022-0263
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
jpress v4.2.0 allows users to register an account by default. With the account, user can upload...
High
Unreviewed
CVE-2021-45808
was published
Jan 20, 2022
ProTip!
Advisories are also available from the
GraphQL API