GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
963 advisories
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ...
Critical | Unreviewed | CVE-2022-27477 was published Apr 11, 2022
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.
Critical | Unreviewed | CVE-2022-27047 was published Apr 9, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ...
Critical | Unreviewed | CVE-2022-27357 was published Apr 9, 2022
There is an arbitrary file upload vulnerability in the file management function module of...
Critical | Unreviewed | CVE-2022-45966 was published Dec 22, 2022
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-27129 was published Apr 11, 2022
Unrestricted Upload of File with Dangerous Type in Strapi
Critical | CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows...
Critical | Unreviewed | CVE-2022-27262 was published Apr 13, 2022
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ...
Critical | Unreviewed | CVE-2022-27351 was published Apr 9, 2022
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This...
Critical | Unreviewed | CVE-2022-1345 was published Apr 14, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS
Critical | CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload
Critical | CVE-2022-27952 was published for payload (npm) Apr 13, 2022
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5...
Critical | Unreviewed | CVE-2022-27862 was published Apr 20, 2022
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the...
Critical | Unreviewed | CVE-2010-1433 was published Apr 21, 2022
Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote...
Critical | Unreviewed | CVE-2019-7669 was published May 24, 2022
Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE)...
Critical | Unreviewed | CVE-2022-28021 was published Apr 22, 2022
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
Critical | Unreviewed | CVE-2022-44354 was published Nov 29, 2022
An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo...
Critical | Unreviewed | CVE-2022-29632 was published May 27, 2022
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability...
Critical | Unreviewed | CVE-2022-24239 was published Jun 3, 2022
Code injection in MCMS
Critical | CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file...
Critical | Unreviewed | CVE-2021-24284 was published May 24, 2022
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
Critical | Unreviewed | CVE-2022-30808 was published Jun 3, 2022
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental...
Critical | Unreviewed | CVE-2022-32019 was published Jun 3, 2022
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in...
Critical | Unreviewed | CVE-2022-30423 was published Jun 3, 2022
The file upload function of Agentflow BPM has insufficient filtering for special characters in...
Critical | Unreviewed | CVE-2022-39036 was published Nov 10, 2022
ProTip! Advisories are also available from the GraphQL API.