GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
487 advisories
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows...
Moderate · Unreviewed · CVE-2020-5844 was published May 24, 2022

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote...
Moderate · Unreviewed · CVE-2020-10386 was published May 24, 2022

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file...
Moderate · Unreviewed · CVE-2020-8500 was published May 24, 2022

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This...
Moderate · Unreviewed · CVE-2020-9320 was published May 24, 2022

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser...
Moderate · Unreviewed · CVE-2015-0258 was published May 24, 2022

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle...
Moderate · Unreviewed · CVE-2020-2730 was published May 24, 2022

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an...
Moderate · Unreviewed · CVE-2020-5509 was published May 24, 2022

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update...
Moderate · Unreviewed · CVE-2019-19925 was published May 24, 2022

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote...
Moderate · Unreviewed · CVE-2019-19141 was published May 24, 2022

A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker...
Moderate · Unreviewed · CVE-2019-18320 was published May 24, 2022

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One...
Moderate · Unreviewed · CVE-2019-11216 was published May 24, 2022

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with...
Moderate · Unreviewed · CVE-2019-19493 was published May 24, 2022

ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local...
Moderate · Unreviewed · CVE-2019-17325 was published May 24, 2022

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the...
Moderate · Unreviewed · CVE-2019-17536 was published May 24, 2022

An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to...
Moderate · Unreviewed · CVE-2019-14916 was published May 24, 2022

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation...
Moderate · Unreviewed · CVE-2019-14748 was published May 24, 2022

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload...
Moderate · Unreviewed · CVE-2018-20925 was published May 24, 2022

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload...
Moderate · Unreviewed · CVE-2019-4056 was published May 24, 2022

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any...
Moderate · Unreviewed · CVE-2017-11561 was published May 24, 2022

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload,...
Moderate · Unreviewed · CVE-2019-6513 was published May 24, 2022

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary...
Moderate · Unreviewed · CVE-2019-8404 was published May 24, 2022

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0...
Moderate · Unreviewed · CVE-2022-22482 was published May 18, 2022

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine ...
Moderate · Unreviewed · CVE-2016-2914 was published May 17, 2022

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before...
Moderate · Unreviewed · CVE-2015-4524 was published May 17, 2022

IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an...
Moderate · Unreviewed · CVE-2016-8973 was published May 17, 2022