GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,040 advisories
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php...
High | Unreviewed | CVE-2019-8362 was published May 14, 2022
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type...
High | Unreviewed | CVE-2019-8433 was published May 14, 2022
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being...
High | Unreviewed | CVE-2019-8933 was published May 14, 2022
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code...
High | Unreviewed | CVE-2019-9050 was published May 14, 2022
SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c...
High | Unreviewed | CVE-2019-9181 was published May 14, 2022
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File"...
High | Unreviewed | CVE-2018-20063 was published May 14, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High | Unreviewed | CVE-2019-9613 was published May 14, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High | Unreviewed | CVE-2019-9608 was published May 14, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High | Unreviewed | CVE-2019-9617 was published May 14, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High | Unreviewed | CVE-2019-9612 was published May 14, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High | Unreviewed | CVE-2019-9609 was published May 14, 2022
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c...
High | Unreviewed | CVE-2019-9572 was published May 14, 2022
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file...
High | Unreviewed | CVE-2018-17418 was published May 14, 2022
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier...
High | Unreviewed | CVE-2017-6090 was published May 14, 2022
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is...
High | Unreviewed | CVE-2017-9080 was published May 14, 2022
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that...
High | Unreviewed | CVE-2018-1000094 was published May 14, 2022
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3...
High | Unreviewed | CVE-2018-11340 was published May 14, 2022
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows...
High | Unreviewed | CVE-2018-11345 was published May 14, 2022
An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators...
High | Unreviewed | CVE-2019-10652 was published May 14, 2022
An unauthenticated file upload vulnerability has been identified in the Web Client component of...
High | Unreviewed | CVE-2019-3489 was published May 14, 2022
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted...
High | Unreviewed | CVE-2019-10478 was published May 14, 2022
Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
High | Unreviewed | CVE-2018-19453 was published May 14, 2022
** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI,...
High | Unreviewed | CVE-2019-9042 was published May 14, 2022
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to...
High | Unreviewed | CVE-2017-14521 was published May 14, 2022
GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to...
High | Unreviewed | CVE-2019-11028 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.