GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,990
Composer 4,293
Erlang 31
GitHub Actions 21
Go 2,061
Maven 5,239
npm 3,744
NuGet 668
pip 3,423
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,462

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,289 advisories

Filter by severity

Sort by

Least recently updated

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress... Moderate Unreviewed

CVE-2021-24960 was published Mar 8, 2022

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'... High Unreviewed

CVE-2021-24216 was published Mar 8, 2022

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to... High Unreviewed

CVE-2022-0440 was published Mar 8, 2022

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user... High Unreviewed

CVE-2022-25115 was published Mar 4, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed

CVE-2022-24251 was published Mar 3, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed

CVE-2022-24253 was published Mar 3, 2022

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis... High Unreviewed

CVE-2022-24252 was published Mar 3, 2022

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis... High Unreviewed

CVE-2022-24254 was published Mar 3, 2022

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload... Critical Unreviewed

CVE-2022-25016 was published Mar 3, 2022

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability... High Unreviewed

CVE-2022-23906 was published Mar 2, 2022

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows... Critical Unreviewed

CVE-2022-25411 was published Mar 2, 2022

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install... High Unreviewed

CVE-2021-44967 was published Feb 25, 2022

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged... High Unreviewed

CVE-2022-25360 was published Feb 25, 2022

An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in... High Unreviewed

CVE-2021-44664 was published Feb 25, 2022

An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function... Critical Unreviewed

CVE-2022-24553 was published Feb 22, 2022

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can... High Unreviewed

CVE-2022-23375 was published Feb 20, 2022

Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow... Critical Unreviewed

CVE-2022-24984 was published Feb 17, 2022

An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary... Critical Unreviewed

CVE-2022-23390 was published Feb 15, 2022

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead... Critical Unreviewed

CVE-2021-22803 was published Feb 12, 2022

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in... High Unreviewed

CVE-2022-23048 was published Feb 11, 2022

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent... High Unreviewed

CVE-2022-24262 was published Feb 10, 2022

A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows... Critical Unreviewed

CVE-2022-23329 was published Feb 10, 2022

update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP... High Unreviewed

CVE-2022-24676 was published Feb 10, 2022

Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote... High Unreviewed

CVE-2021-46360 was published Feb 10, 2022

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)... High Unreviewed

CVE-2021-37194 was published Feb 10, 2022

Previous 1 2 … 88 89 90 91 92 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,289 advisories