GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,711
Composer 4,743
Erlang 35
GitHub Actions 29
Go 2,315
Maven 5,599
npm 3,949
NuGet 711
pip 3,729
Pub 12
RubyGems 920
Rust 964
Swift 38

Unreviewed advisories

All unreviewed 257,433

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,036 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an... High Unreviewed

CVE-2021-32961 was published Apr 3, 2022

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload... High Unreviewed

CVE-2022-23155 was published Apr 2, 2022

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to... High Unreviewed

CVE-2022-28223 was published Mar 31, 2022

A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function... High Unreviewed

CVE-2021-43100 was published Mar 30, 2022

A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType... High Unreviewed

CVE-2021-43101 was published Mar 30, 2022

A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function,... High Unreviewed

CVE-2021-43102 was published Mar 30, 2022

A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. High Unreviewed

CVE-2021-43098 was published Mar 30, 2022

A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function... High Unreviewed

CVE-2021-43103 was published Mar 30, 2022

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not... High Unreviewed

CVE-2021-40905 was published Mar 27, 2022

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior... High Unreviewed

CVE-2022-1033 was published Mar 24, 2022

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows... High Unreviewed

CVE-2020-26007 was published Mar 22, 2022

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0... High Unreviewed

CVE-2020-26008 was published Mar 22, 2022

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is... High Unreviewed

CVE-2022-0687 was published Mar 22, 2022

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. High Unreviewed

CVE-2022-23346 was published Mar 22, 2022

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload.... High Unreviewed

CVE-2022-25581 was published Mar 20, 2022

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action... High Unreviewed

CVE-2022-26965 was published Mar 19, 2022

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings... High Unreviewed

CVE-2022-25602 was published Mar 19, 2022

With administrator or admin privileges the application can be tricked into overwriting files in... High Unreviewed

CVE-2022-24387 was published Mar 15, 2022

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ... High Unreviewed

CVE-2021-43970 was published Mar 11, 2022

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by... High Unreviewed

CVE-2022-26521 was published Mar 11, 2022

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'... High Unreviewed

CVE-2021-24216 was published Mar 8, 2022

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to... High Unreviewed

CVE-2022-0440 was published Mar 8, 2022

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user... High Unreviewed

CVE-2022-25115 was published Mar 4, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload... High Unreviewed

CVE-2022-24251 was published Mar 3, 2022

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis... High Unreviewed

CVE-2022-24252 was published Mar 3, 2022

Previous 1 2 … 38 39 40 41 42 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,036 advisories