GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
892 advisories
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical | Unreviewed | CVE-2022-24651 was published Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical | Unreviewed | CVE-2022-24652 was published Mar 11, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin...
Critical | Unreviewed | CVE-2022-25487 was published Mar 16, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-25495 was published Mar 16, 2022
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows...
Critical | Unreviewed | CVE-2021-45040 was published Mar 18, 2022
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via...
Critical | Unreviewed | CVE-2021-45834 was published Mar 19, 2022
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of...
Critical | Unreviewed | CVE-2021-45835 was published Mar 19, 2022
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2...
Critical | Unreviewed | CVE-2022-23880 was published Mar 24, 2022
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component...
Critical | Unreviewed | CVE-2021-39384 was published Mar 22, 2022
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup...
Critical | Unreviewed | CVE-2021-27428 was published Mar 24, 2022
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7...
Critical | Unreviewed | CVE-2022-22952 was published Mar 24, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated...
Critical | Unreviewed | CVE-2022-26871 was published Mar 30, 2022
A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via...
Critical | Unreviewed | CVE-2021-45865 was published Mar 30, 2022
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows...
Critical | Unreviewed | CVE-2022-26645 was published Apr 1, 2022
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *...
Critical | Unreviewed | CVE-2021-28428 was published Apr 6, 2022
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type...
Critical | Unreviewed | CVE-2022-24136 was published Apr 1, 2022
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-27131 was published Apr 11, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ...
Critical | Unreviewed | CVE-2022-27357 was published Apr 9, 2022
mogu_blog_cms 5.2 allows uploading arbitrary files without any limitation.
Critical | Unreviewed | CVE-2022-27047 was published Apr 9, 2022
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ...
Critical | Unreviewed | CVE-2022-27477 was published Apr 11, 2022
There is an arbitrary file upload vulnerability in the file management function module of...
Critical | Unreviewed | CVE-2022-45966 was published Dec 22, 2022
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-27129 was published Apr 11, 2022
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ...
Critical | Unreviewed | CVE-2022-27351 was published Apr 9, 2022
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows...
Critical | Unreviewed | CVE-2022-27262 was published Apr 13, 2022
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This...
Critical | Unreviewed | CVE-2022-1345 was published Apr 14, 2022
ProTip! Advisories are also available from the GraphQL API.