GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,381
Composer 4,822
Erlang 36
GitHub Actions 32
Go 2,413
Maven 5,809
npm 4,052
NuGet 723
pip 3,844
Pub 12
RubyGems 933
Rust 1,005
Swift 38

Unreviewed advisories

All unreviewed 264,840

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,671 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead... Critical Unreviewed

CVE-2021-22803 was published Feb 12, 2022

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in... High Unreviewed

CVE-2022-23048 was published Feb 11, 2022

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent... High Unreviewed

CVE-2022-24262 was published Feb 10, 2022

A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows... Critical Unreviewed

CVE-2022-23329 was published Feb 10, 2022

update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP... High Unreviewed

CVE-2022-24676 was published Feb 10, 2022

Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote... High Unreviewed

CVE-2021-46360 was published Feb 10, 2022

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)... High Unreviewed

CVE-2021-37194 was published Feb 10, 2022

Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php... High Unreviewed

CVE-2021-46097 was published Jan 28, 2022

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1... Critical Unreviewed

CVE-2021-46428 was published Jan 28, 2022

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,... High Unreviewed

CVE-2021-44123 was published Jan 27, 2022

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The... High Unreviewed

CVE-2021-46115 was published Jan 27, 2022

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController... High Unreviewed

CVE-2021-46116 was published Jan 27, 2022

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution... High Unreviewed

CVE-2021-46113 was published Jan 26, 2022

In ForestBlog, as of 2021-12-28, File upload can bypass verification. Critical Unreviewed

CVE-2021-46033 was published Jan 26, 2022

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before... Moderate Unreviewed

CVE-2022-23026 was published Jan 26, 2022

jpress v4.2.0 allows users to register an account by default. With the account, user can upload... High Unreviewed

CVE-2021-45808 was published Jan 20, 2022

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows... Critical Unreviewed

CVE-2021-38697 was published Jan 19, 2022

Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code. High Unreviewed

CVE-2021-41550 was published Jan 19, 2022

An unrestricted file upload vulnerability exists in Sourcecodester Free school management... Critical Unreviewed

CVE-2021-46013 was published Jan 19, 2022

The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by... High Unreviewed

CVE-2021-33828 was published Jan 16, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed

CVE-2021-34995 was published Jan 14, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed

CVE-2021-34997 was published Jan 14, 2022

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the... High Unreviewed

CVE-2021-44651 was published Jan 13, 2022

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database... Critical Unreviewed

CVE-2021-45411 was published Jan 13, 2022

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows... High Unreviewed

CVE-2021-43973 was published Jan 12, 2022

Previous 1 2 … 103 104 105 106 107 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,671 advisories