Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

773 advisories

Loading
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view... Critical Unreviewed
CVE-2018-6580 was published May 14, 2022
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers... Critical Unreviewed
CVE-2018-5749 was published May 14, 2022
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using... Critical Unreviewed
CVE-2016-7095 was published May 14, 2022
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action. Critical Unreviewed
CVE-2018-7316 was published May 14, 2022
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded... Critical Unreviewed
CVE-2018-7665 was published May 14, 2022
Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to... Critical Unreviewed
CVE-2014-2592 was published May 14, 2022
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in... Critical Unreviewed
CVE-2018-8766 was published May 14, 2022
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. Critical Unreviewed
CVE-2014-4912 was published May 14, 2022
PHPOK 4.8.338 has an arbitrary file upload vulnerability. Critical Unreviewed
CVE-2018-8944 was published May 14, 2022
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check... Critical Unreviewed
CVE-2015-9259 was published May 14, 2022
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via... Critical Unreviewed
CVE-2017-9101 was published May 14, 2022
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files... Critical Unreviewed
CVE-2018-10469 was published May 14, 2022
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2,... Critical Unreviewed
CVE-2018-10375 was published May 14, 2022
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16... Critical Unreviewed
CVE-2016-10036 was published May 14, 2022
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4... Critical Unreviewed
CVE-2018-10942 was published May 14, 2022
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the... Critical Unreviewed
CVE-2018-11331 was published May 14, 2022
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2... Critical Unreviewed
CVE-2018-10648 was published May 14, 2022
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. Critical Unreviewed
CVE-2018-11523 was published May 14, 2022
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert... Critical Unreviewed
CVE-2018-12051 was published May 14, 2022
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers... Critical Unreviewed
CVE-2018-11736 was published May 14, 2022
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede... Critical Unreviewed
CVE-2018-12045 was published May 14, 2022
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework... Critical Unreviewed
CVE-2018-12491 was published May 14, 2022
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an... Critical Unreviewed
CVE-2018-11221 was published May 14, 2022
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a... Critical Unreviewed
CVE-2018-12914 was published May 14, 2022
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to... Critical Unreviewed
CVE-2018-13981 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database