GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,047 advisories
DedeCMS 5.7.98 has a file upload vulnerability in the background.
High | Unreviewed | CVE-2022-40886 was published Oct 4, 2022

Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode...
High | Unreviewed | CVE-2022-34154 was published Aug 2, 2022

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to...
Critical | Unreviewed | CVE-2022-34613 was published Aug 3, 2022

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in...
High | Unreviewed | CVE-2016-9186 was published May 17, 2022

Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote...
Critical | Unreviewed | CVE-2016-5050 was published May 17, 2022

mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows...
High | Unreviewed | CVE-2022-40341 was published Oct 1, 2022

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability...
High | Unreviewed | CVE-2022-41437 was published Oct 1, 2022

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component ...
Critical | Unreviewed | CVE-2022-40050 was published Sep 27, 2022

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point...
High | Unreviewed | CVE-2022-40925 was published Sep 27, 2022

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1
High | Unreviewed | CVE-2015-1000013 was published May 17, 2022

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute...
High | Unreviewed | CVE-2022-40407 was published Sep 30, 2022

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin...
High | Unreviewed | CVE-2022-3076 was published Sep 27, 2022

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually...
High | Unreviewed | CVE-2016-9268 was published May 17, 2022

Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Critical | Unreviewed | CVE-2015-1000000 was published May 17, 2022

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users,...
High | Unreviewed | CVE-2022-3125 was published Oct 4, 2022

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets...
Critical | Unreviewed | CVE-2015-3884 was published May 17, 2022

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous...
High | Unreviewed | CVE-2022-3989 was published Dec 12, 2022

FeehiCMS Unrestricted Upload vulnerability
Moderate | CVE-2021-36573 was published for feehi/feehicms (Composer) Dec 15, 2022

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video...
Critical | Unreviewed | CVE-2022-45896 was published Dec 25, 2022

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate...
Critical | Unreviewed | CVE-2022-4047 was published Dec 26, 2022

Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High | CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and...
High | Unreviewed | CVE-2020-36388 was published May 24, 2022

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component...
High | Unreviewed | CVE-2022-38305 was published Sep 14, 2022

** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP...
High | Unreviewed | CVE-2020-25790 was published May 24, 2022

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload...
High | Unreviewed | CVE-2022-38843 was published Sep 17, 2022