GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,706
Erlang: 34
GitHub Actions: 28
Go: 2,292
Maven: 5,000+
npm: 3,942
NuGet: 708
pip: 3,711
Pub: 12
RubyGems: 919
Rust: 959
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
474 advisories
An unauthorized user could alter or write files with full control over the path and content of...
Moderate
Unreviewed
CVE-2022-46660 was published Jan 18, 2023
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms...
Moderate
Unreviewed
CVE-2022-43192 was published Nov 18, 2022
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
Moderate
Unreviewed
CVE-2022-43283 was published Oct 29, 2022
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity...
Moderate
Unreviewed
CVE-2021-29891 was published Aug 23, 2022
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins...
Moderate
Unreviewed
CVE-2022-2046 was published Aug 9, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could...
Moderate
Unreviewed
CVE-2021-39017 was published Jul 15, 2022
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate
Unreviewed
CVE-2021-3906 was published May 24, 2022
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate
Unreviewed
CVE-2021-3745 was published May 24, 2022
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via...
Moderate
Unreviewed
CVE-2020-20691 was published May 24, 2022
IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary...
Moderate
Unreviewed
CVE-2021-29699 was published May 24, 2022
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and...
Moderate
Unreviewed
CVE-2020-21005 was published May 24, 2022
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7...
Moderate
Unreviewed
CVE-2021-27618 was published May 24, 2022
In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.
Moderate
Unreviewed
CVE-2021-29022 was published May 24, 2022
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded...
Moderate
Unreviewed
CVE-2021-30209 was published May 24, 2022
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before...
Moderate
Unreviewed
CVE-2021-23001 was published May 24, 2022
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local...
Moderate
Unreviewed
CVE-2020-19642 was published May 24, 2022
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web...
Moderate
Unreviewed
CVE-2021-26597 was published May 24, 2022
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact...
Moderate
Unreviewed
CVE-2020-29450 was published May 24, 2022
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By...
Moderate
Unreviewed
CVE-2020-4928 was published May 24, 2022
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information...
Moderate
Unreviewed
CVE-2020-4918 was published May 24, 2022
Affected versions of Atlassian Crucible allow remote attackers to impact the application's...
Moderate
Unreviewed
CVE-2020-29447 was published May 24, 2022
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload...
Moderate
Unreviewed
CVE-2020-26828 was published May 24, 2022
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an...
Moderate
Unreviewed
CVE-2020-26826 was published May 24, 2022
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An...
Moderate
Unreviewed
CVE-2020-29441 was published May 24, 2022
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users...
Moderate
Unreviewed
CVE-2020-26583 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.