GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,433 advisories
File upload restriction bypass in Zenario CMS
High | CVE-2022-23043 was published for tribalsystems/zenario (Composer) Feb 25, 2022

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged...
High | Unreviewed | CVE-2022-25360 was published Feb 25, 2022

An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in...
High | Unreviewed | CVE-2021-44664 was published Feb 25, 2022

An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function...
Critical | Unreviewed | CVE-2022-24553 was published Feb 22, 2022

Unrestricted Upload of File with Dangerous Type in showdoc
High | CVE-2022-0409 was published for showdoc/showdoc (Composer) Feb 20, 2022

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can...
High | Unreviewed | CVE-2022-23375 was published Feb 20, 2022

File upload leading to RCE in MCMS
Critical | CVE-2021-46036 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022

Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow...
Critical | Unreviewed | CVE-2022-24984 was published Feb 17, 2022

An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary...
Critical | Unreviewed | CVE-2022-23390 was published Feb 15, 2022

Unrestricted Upload of File with Dangerous Type in Drupal core
Critical | CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead...
Critical | Unreviewed | CVE-2021-22803 was published Feb 12, 2022

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in...
High | Unreviewed | CVE-2022-23048 was published Feb 11, 2022

Improper file handling in matrix-react-sdk
Moderate | CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022

Unrestricted Uploads in Concrete5
Moderate | CVE-2020-14961 was published for concrete5/concrete5 (Composer) Feb 10, 2022

Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
Moderate | CVE-2020-15839 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 10, 2022

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent...
High | Unreviewed | CVE-2022-24262 was published Feb 10, 2022

A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows...
Critical | Unreviewed | CVE-2022-23329 was published Feb 10, 2022

update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP...
High | Unreviewed | CVE-2022-24676 was published Feb 10, 2022

Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote...
High | Unreviewed | CVE-2021-46360 was published Feb 10, 2022

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)...
High | Unreviewed | CVE-2021-37194 was published Feb 10, 2022

Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Moderate | CVE-2022-0472 was published for jsdecena/laracom (Composer) Feb 6, 2022

Unrestricted Upload of File with Dangerous Type in motionEye
High | CVE-2021-44255 was published for motioneye (pip) Feb 1, 2022

Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php...
High | Unreviewed | CVE-2021-46097 was published Jan 28, 2022

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1...
Critical | Unreviewed | CVE-2021-46428 was published Jan 28, 2022

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,...
High | Unreviewed | CVE-2021-44123 was published Jan 27, 2022