Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

982 advisories

Loading
File upload leading to RCE in MCMS Critical
CVE-2021-46036 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow... Critical Unreviewed
CVE-2022-24984 was published Feb 17, 2022
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary... Critical Unreviewed
CVE-2022-23390 was published Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead... Critical Unreviewed
CVE-2021-22803 was published Feb 12, 2022
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows... Critical Unreviewed
CVE-2022-23329 was published Feb 10, 2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1... Critical Unreviewed
CVE-2021-46428 was published Jan 28, 2022
Mingsoft MCMS vulnerable to Remote Code Execution via file upload. Critical
CVE-2021-46386 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
In ForestBlog, as of 2021-12-28, File upload can bypass verification. Critical Unreviewed
CVE-2021-46033 was published Jan 26, 2022
Arbitrary File Upload in Mingsoft MCMS Critical
CVE-2022-22929 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
Arbitrary file upload in Mingsoft MCMS Critical
CVE-2022-23315 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows... Critical Unreviewed
CVE-2021-38697 was published Jan 19, 2022
An unrestricted file upload vulnerability exists in Sourcecodester Free school management... Critical Unreviewed
CVE-2021-46013 was published Jan 19, 2022
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database... Critical Unreviewed
CVE-2021-45411 was published Jan 13, 2022
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles... Critical Unreviewed
CVE-2021-44031 was published Dec 23, 2021
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special... Critical Unreviewed
CVE-2021-44164 was published Dec 21, 2021
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker... Critical Unreviewed
CVE-2021-44159 was published Dec 21, 2021
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an... Critical Unreviewed
CVE-2021-41560 was published Dec 16, 2021
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Critical Unreviewed
CVE-2021-40883 was published Dec 15, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution... Critical Unreviewed
CVE-2021-43117 was published Dec 14, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI... Critical Unreviewed
CVE-2021-43936 was published Dec 7, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Critical Unreviewed
CVE-2021-42099 was published Dec 1, 2021
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy Critical
CVE-2020-18704 was published for django-widgy (pip) Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database