GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
983 advisories
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users...
Critical | Unreviewed | CVE-2021-45790 was published Sep 30, 2022
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files...
Critical | Unreviewed | CVE-2019-18643 was published May 24, 2022
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable...
Critical | Unreviewed | CVE-2020-25010 was published May 24, 2022
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted...
Critical | Unreviewed | CVE-2020-35489 was published May 24, 2022
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a...
Critical | Unreviewed | CVE-2020-11486 was published May 24, 2022
An issue was discovered in Visualware MyConnection Server through 11.0b build 5382....
Critical | Unreviewed | CVE-2021-27198 was published May 24, 2022
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png"...
Critical | Unreviewed | CVE-2021-3378 was published May 24, 2022
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send...
Critical | Unreviewed | CVE-2021-27964 was published May 24, 2022
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
Critical | Unreviewed | CVE-2022-46020 was published Dec 20, 2022
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products...
Critical | Unreviewed | CVE-2021-24212 was published May 24, 2022
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-43305 was published Nov 7, 2022
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-43304 was published Nov 7, 2022
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient...
Critical | Unreviewed | CVE-2022-37346 was published Sep 28, 2022
The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload...
Critical | Unreviewed | CVE-2021-24240 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2021-27274 was published May 24, 2022
A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.
Critical | Unreviewed | CVE-2020-28063 was published May 24, 2022
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
Critical | Unreviewed | CVE-2020-23790 was published May 24, 2022
Composr 10.0.36 allows upload and execution of PHP files.
Critical | Unreviewed | CVE-2021-30149 was published May 24, 2022
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44052 was published Nov 7, 2022
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer....
Critical | Unreviewed | CVE-2021-27459 was published May 24, 2022
KonaWiki2 versions prior to 2.2.4 allow a remote attacker to upload arbitrary files via...
Critical | Unreviewed | CVE-2021-20721 was published May 24, 2022
The d8s-networking for python, as distributed on PyPI, included a potential code-execution...
Critical | Unreviewed | CVE-2022-44053 was published Nov 7, 2022
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44051 was published Nov 7, 2022
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper...
Critical | Unreviewed | CVE-2020-20287 was published May 24, 2022
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard...
Critical | Unreviewed | CVE-2020-29592 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.