GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,335
Erlang: 31
GitHub Actions: 22
Go: 2,096
Maven: 5,000+
npm: 3,762
NuGet: 678
pip: 3,448
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
480 advisories
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an...
Moderate | Unreviewed | CVE-2018-16397 was published May 14, 2022

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=.....
Moderate | Unreviewed | CVE-2018-16821 was published May 14, 2022

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number...
Moderate | Unreviewed | CVE-2018-18565 was published May 14, 2022

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML...
Moderate | Unreviewed | CVE-2018-19421 was published May 14, 2022

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative...
Moderate | Unreviewed | CVE-2018-19420 was published May 14, 2022

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5,...
Moderate | Unreviewed | CVE-2018-16097 was published May 14, 2022

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system...
Moderate | Unreviewed | CVE-2018-16093 was published May 14, 2022

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to...
Moderate | Unreviewed | CVE-2019-8394 was published May 14, 2022

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a...
Moderate | Unreviewed | CVE-2019-9692 was published May 14, 2022

Symfony Path Disclosure
Moderate | CVE-2018-19789 was published for symfony/form (Composer) May 14, 2022

Drupal Settings Tray access bypass
Moderate | CVE-2017-6931 was published for drupal/core (Composer) May 13, 2022

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via...
Moderate | Unreviewed | CVE-2017-11404 was published May 13, 2022

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via...
Moderate | Unreviewed | CVE-2017-11405 was published May 13, 2022

On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user...
Moderate | Unreviewed | CVE-2018-15333 was published May 13, 2022

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for...
Moderate | Unreviewed | CVE-2018-0587 was published May 13, 2022

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload...
Moderate | Unreviewed | CVE-2018-4921 was published May 13, 2022

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate | Unreviewed | CVE-2018-15424 was published May 13, 2022

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG...
Moderate | Unreviewed | CVE-2016-10258 was published May 13, 2022

Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Moderate | CVE-2022-1411 was published for yetiforce/yetiforce-crm (Composer) May 6, 2022

TYPO3 Unrestricted File Upload vulnerability
Moderate | CVE-2008-2717 was published for typo3/cms-core (Composer) May 1, 2022

Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier,...
Moderate | Unreviewed | CVE-2006-6994 was published May 1, 2022

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated...
Moderate | Unreviewed | CVE-2006-5845 was published May 1, 2022

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users...
Moderate | Unreviewed | CVE-2006-4471 was published May 1, 2022

add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading...
Moderate | Unreviewed | CVE-2006-2428 was published May 1, 2022

Mailsite Express allows remote attackers to upload and execute files with executable extensions...
Moderate | Unreviewed | CVE-2005-3288 was published May 1, 2022

ProTip! Advisories are also available from the GraphQL API