GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,972
Composer 4,285
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,238
npm 3,741
NuGet 668
pip 3,422
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,197

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,285 advisories

Filter by severity

Sort by

Least recently updated

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController... High Unreviewed

CVE-2021-46116 was published Jan 27, 2022

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution... High Unreviewed

CVE-2021-46113 was published Jan 26, 2022

In ForestBlog, as of 2021-12-28, File upload can bypass verification. Critical Unreviewed

CVE-2021-46033 was published Jan 26, 2022

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before... Moderate Unreviewed

CVE-2022-23026 was published Jan 26, 2022

jpress v4.2.0 allows users to register an account by default. With the account, user can upload... High Unreviewed

CVE-2021-45808 was published Jan 20, 2022

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows... Critical Unreviewed

CVE-2021-38697 was published Jan 19, 2022

Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code. High Unreviewed

CVE-2021-41550 was published Jan 19, 2022

An unrestricted file upload vulnerability exists in Sourcecodester Free school management... Critical Unreviewed

CVE-2021-46013 was published Jan 19, 2022

The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by... High Unreviewed

CVE-2021-33828 was published Jan 16, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed

CVE-2021-34995 was published Jan 14, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed

CVE-2021-34997 was published Jan 14, 2022

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the... High Unreviewed

CVE-2021-44651 was published Jan 13, 2022

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database... Critical Unreviewed

CVE-2021-45411 was published Jan 13, 2022

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows... High Unreviewed

CVE-2021-43973 was published Jan 12, 2022

Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker... High Unreviewed

CVE-2021-46076 was published Jan 7, 2022

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management... High Unreviewed

CVE-2021-46079 was published Jan 7, 2022

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management... Moderate Unreviewed

CVE-2021-46078 was published Jan 7, 2022

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles... Critical Unreviewed

CVE-2021-44031 was published Dec 23, 2021

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker... Critical Unreviewed

CVE-2021-44159 was published Dec 21, 2021

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special... Critical Unreviewed

CVE-2021-44164 was published Dec 21, 2021

The "Log alert to a file" action within action management enables any Orion Platform user with... High Unreviewed

CVE-2021-35244 was published Dec 21, 2021

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An... High Unreviewed

CVE-2021-41870 was published Dec 16, 2021

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an... Critical Unreviewed

CVE-2021-41560 was published Dec 16, 2021

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Critical Unreviewed

CVE-2021-40883 was published Dec 15, 2021

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution... Critical Unreviewed

CVE-2021-43117 was published Dec 14, 2021

Previous 1 2 … 88 89 90 91 92 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,285 advisories