Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,361 advisories

Loading
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow... Critical Unreviewed
CVE-2022-24984 was published Feb 17, 2022
File upload leading to RCE in MCMS Critical
CVE-2021-46036 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can... High Unreviewed
CVE-2022-23375 was published Feb 20, 2022
Unrestricted Upload of File with Dangerous Type in showdoc High
CVE-2022-0409 was published for showdoc/showdoc (Composer) Feb 20, 2022
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function... Critical Unreviewed
CVE-2022-24553 was published Feb 22, 2022
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in... High Unreviewed
CVE-2021-44664 was published Feb 25, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged... High Unreviewed
CVE-2022-25360 was published Feb 25, 2022
File upload restriction bypass in Zenario CMS High
CVE-2022-23043 was published for tribalsystems/zenario (Composer) Feb 25, 2022
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install... High Unreviewed
CVE-2021-44967 was published Feb 25, 2022
Unrestricted Upload of File with Dangerous Type in MODX Revolution High
CVE-2022-26149 was published for modx/revolution (Composer) Feb 27, 2022
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows... Critical Unreviewed
CVE-2022-25411 was published Mar 2, 2022
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability... High Unreviewed
CVE-2022-23906 was published Mar 2, 2022
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload... Critical Unreviewed
CVE-2022-25016 was published Mar 3, 2022
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis... High Unreviewed
CVE-2022-24252 was published Mar 3, 2022
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis... High Unreviewed
CVE-2022-24254 was published Mar 3, 2022
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed
CVE-2022-24253 was published Mar 3, 2022
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed
CVE-2022-24251 was published Mar 3, 2022
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user... High Unreviewed
CVE-2022-25115 was published Mar 4, 2022
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to... High Unreviewed
CVE-2022-0440 was published Mar 8, 2022
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress... Moderate Unreviewed
CVE-2021-24960 was published Mar 8, 2022
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'... High Unreviewed
CVE-2021-24216 was published Mar 8, 2022
Unrestricted Upload of File with Dangerous Type in Croogo High
CVE-2021-44673 was published for croogo/croogo (Composer) Mar 11, 2022
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by... High Unreviewed
CVE-2022-26521 was published Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24651 was published Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24652 was published Mar 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database