GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
472 advisories
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and...
Moderate · Unreviewed · CVE-2020-21005 was published May 24, 2022
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7...
Moderate · Unreviewed · CVE-2021-27618 was published May 24, 2022
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded...
Moderate · Unreviewed · CVE-2021-30209 was published May 24, 2022
In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.
Moderate · Unreviewed · CVE-2021-29022 was published May 24, 2022
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By...
Moderate · Unreviewed · CVE-2020-4928 was published May 24, 2022
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information...
Moderate · Unreviewed · CVE-2020-4918 was published May 24, 2022
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local...
Moderate · Unreviewed · CVE-2020-19642 was published May 24, 2022
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web...
Moderate · Unreviewed · CVE-2021-26597 was published May 24, 2022
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an...
Moderate · Unreviewed · CVE-2020-26826 was published May 24, 2022
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload...
Moderate · Unreviewed · CVE-2020-26828 was published May 24, 2022
Affected versions of Atlassian Crucible allow remote attackers to impact the application's...
Moderate · Unreviewed · CVE-2020-29447 was published May 24, 2022
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An...
Moderate · Unreviewed · CVE-2020-29441 was published May 24, 2022
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users...
Moderate · Unreviewed · CVE-2020-26583 was published May 24, 2022
The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file...
Moderate · Unreviewed · CVE-2020-24948 was published May 24, 2022
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="...
Moderate · Unreviewed · CVE-2020-23574 was published May 24, 2022
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows...
Moderate · Unreviewed · CVE-2019-20897 was published May 24, 2022
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer...
Moderate · Unreviewed · CVE-2020-1255 was published May 24, 2022
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must...
Moderate · Unreviewed · CVE-2020-25042 was published May 24, 2022
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command...
Moderate · Unreviewed · CVE-2020-11629 was published May 24, 2022
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote...
Moderate · Unreviewed · CVE-2020-8639 was published May 24, 2022
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote...
Moderate · Unreviewed · CVE-2020-10386 was published May 24, 2022
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser...
Moderate · Unreviewed · CVE-2015-0258 was published May 24, 2022
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle...
Moderate · Unreviewed · CVE-2020-2730 was published May 24, 2022
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update...
Moderate · Unreviewed · CVE-2019-19925 was published May 24, 2022
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote...
Moderate · Unreviewed · CVE-2019-19141 was published May 24, 2022