Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,361 advisories

Loading
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote... High Unreviewed
CVE-2022-27249 was published Apr 5, 2022
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via ... High Unreviewed
CVE-2022-26630 was published Apr 6, 2022
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *... Critical Unreviewed
CVE-2021-28428 was published Apr 6, 2022
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the... High Unreviewed
CVE-2022-26619 was published Apr 6, 2022
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow... High Unreviewed
CVE-2022-26607 was published Apr 7, 2022
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload... High Unreviewed
CVE-2022-26605 was published Apr 7, 2022
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver... High Unreviewed
CVE-2021-43430 was published Apr 8, 2022
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write... High Unreviewed
CVE-2022-26627 was published Apr 8, 2022
elFinder Unrestricted File Upload vulnerability Critical
CVE-2021-43421 was published for studio-42/elfinder (Composer) Apr 8, 2022
Infinite loop in .Net Bond High
CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. Critical Unreviewed
CVE-2022-27047 was published Apr 9, 2022
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin... High Unreviewed
CVE-2021-46367 was published Apr 9, 2022
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via ... High Unreviewed
CVE-2022-27346 was published Apr 9, 2022
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability... High Unreviewed
CVE-2022-27352 was published Apr 9, 2022
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ... Critical Unreviewed
CVE-2022-27351 was published Apr 9, 2022
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post... High Unreviewed
CVE-2022-27061 was published Apr 9, 2022
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via... High Unreviewed
CVE-2022-27064 was published Apr 9, 2022
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via... High Unreviewed
CVE-2022-27349 was published Apr 9, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ... Critical Unreviewed
CVE-2022-27357 was published Apr 9, 2022
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ... Critical Unreviewed
CVE-2022-27477 was published Apr 11, 2022
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27131 was published Apr 11, 2022
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27129 was published Apr 11, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61 Critical
CVE-2022-27115 was published for studio-42/elfinder (Composer) Apr 12, 2022
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file,... High Unreviewed
CVE-2022-1008 was published Apr 12, 2022
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Moderate Unreviewed
CVE-2022-1045 was published Apr 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database