GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
963 advisories
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure...
Critical | Unreviewed | CVE-2021-29281 was published Jul 8, 2022

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution...
Critical | Unreviewed | CVE-2022-41387 was published Oct 12, 2022

Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php...
Critical | Unreviewed | CVE-2017-7695 was published May 17, 2022

Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht...
Critical | Unreviewed | CVE-2017-9364 was published May 17, 2022

Unrestricted Upload of File with Dangerous Type in MCMS
Critical | CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2022-32413 was published Jul 6, 2022

A vulnerability was found in SourceCodester Company Website CMS. It has been classified as...
Critical | Unreviewed | CVE-2022-2736 was published Aug 12, 2022

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL...
Critical | Unreviewed | CVE-2022-28369 was published Jul 15, 2022

A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical...
Critical | Unreviewed | CVE-2022-2740 was published Aug 12, 2022

A vulnerability, which was classified as critical, was found in SourceCodester Company Website...
Critical | Unreviewed | CVE-2022-2750 was published Aug 12, 2022

Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
Critical | Unreviewed | CVE-2015-1000001 was published May 17, 2022

A vulnerability, which was classified as critical, has been found in SourceCodester Gym...
Critical | Unreviewed | CVE-2022-2744 was published Aug 12, 2022

A vulnerability was found in SourceCodester Company Website CMS and classified as critical....
Critical | Unreviewed | CVE-2022-2751 was published Aug 12, 2022

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified...
Critical | Unreviewed | CVE-2022-2746 was published Aug 12, 2022

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the...
Critical | Unreviewed | CVE-2022-34496 was published Jul 30, 2022

Arbitrary file upload vulnerability in php uploader
Critical | Unreviewed | CVE-2022-40721 was published Oct 4, 2022

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to...
Critical | Unreviewed | CVE-2022-34613 was published Aug 3, 2022

Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote...
Critical | Unreviewed | CVE-2016-5050 was published May 17, 2022

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component ...
Critical | Unreviewed | CVE-2022-40050 was published Sep 27, 2022

Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Critical | Unreviewed | CVE-2015-1000000 was published May 17, 2022

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets...
Critical | Unreviewed | CVE-2015-3884 was published May 17, 2022

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video...
Critical | Unreviewed | CVE-2022-45896 was published Dec 25, 2022

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate...
Critical | Unreviewed | CVE-2022-4047 was published Dec 26, 2022

Badaso vulnerable to Remote Code Execution (RCE)
Critical | CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to...
Critical | Unreviewed | CVE-2022-40981 was published Nov 11, 2022

ProTip! Advisories are also available from the GraphQL API.