GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,031
Composer 4,303
Erlang 31
GitHub Actions 21
Go 2,072
Maven 5,246
npm 3,744
NuGet 669
pip 3,430
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,693

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,085 advisories

Filter by severity

Sort by

Least recently updated

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent... High Unreviewed

CVE-2022-24262 was published Feb 10, 2022

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in... High Unreviewed

CVE-2022-23048 was published Feb 11, 2022

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can... High Unreviewed

CVE-2022-23375 was published Feb 20, 2022

Unrestricted Upload of File with Dangerous Type in showdoc High

CVE-2022-0409 was published for showdoc/showdoc (Composer) Feb 20, 2022

An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in... High Unreviewed

CVE-2021-44664 was published Feb 25, 2022

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged... High Unreviewed

CVE-2022-25360 was published Feb 25, 2022

File upload restriction bypass in Zenario CMS High

CVE-2022-23043 was published for tribalsystems/zenario (Composer) Feb 25, 2022

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install... High Unreviewed

CVE-2021-44967 was published Feb 25, 2022

Unrestricted Upload of File with Dangerous Type in MODX Revolution High

CVE-2022-26149 was published for modx/revolution (Composer) Feb 27, 2022

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability... High Unreviewed

CVE-2022-23906 was published Mar 2, 2022

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis... High Unreviewed

CVE-2022-24254 was published Mar 3, 2022

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis... High Unreviewed

CVE-2022-24252 was published Mar 3, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed

CVE-2022-24253 was published Mar 3, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed

CVE-2022-24251 was published Mar 3, 2022

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user... High Unreviewed

CVE-2022-25115 was published Mar 4, 2022

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to... High Unreviewed

CVE-2022-0440 was published Mar 8, 2022

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'... High Unreviewed

CVE-2021-24216 was published Mar 8, 2022

Unrestricted Upload of File with Dangerous Type in Croogo High

CVE-2021-44673 was published for croogo/croogo (Composer) Mar 11, 2022

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by... High Unreviewed

CVE-2022-26521 was published Mar 11, 2022

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ... High Unreviewed

CVE-2021-43970 was published Mar 11, 2022

With administrator or admin privileges the application can be tricked into overwriting files in... High Unreviewed

CVE-2022-24387 was published Mar 15, 2022

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings... High Unreviewed

CVE-2022-25602 was published Mar 19, 2022

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action... High Unreviewed

CVE-2022-26965 was published Mar 19, 2022

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload.... High Unreviewed

CVE-2022-25581 was published Mar 20, 2022

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. High Unreviewed

CVE-2022-23346 was published Mar 22, 2022

Previous 1 2 3 4 5 … 43 44 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,085 advisories