GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
773 advisories
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view...
Critical | Unreviewed | CVE-2018-6580 was published May 14, 2022

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers...
Critical | Unreviewed | CVE-2018-5749 was published May 14, 2022

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using...
Critical | Unreviewed | CVE-2016-7095 was published May 14, 2022

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
Critical | Unreviewed | CVE-2018-7316 was published May 14, 2022

An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded...
Critical | Unreviewed | CVE-2018-7665 was published May 14, 2022

Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to...
Critical | Unreviewed | CVE-2014-2592 was published May 14, 2022

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in...
Critical | Unreviewed | CVE-2018-8766 was published May 14, 2022

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
Critical | Unreviewed | CVE-2014-4912 was published May 14, 2022

PHPOK 4.8.338 has an arbitrary file upload vulnerability.
Critical | Unreviewed | CVE-2018-8944 was published May 14, 2022

In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check...
Critical | Unreviewed | CVE-2015-9259 was published May 14, 2022

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via...
Critical | Unreviewed | CVE-2017-9101 was published May 14, 2022

b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files...
Critical | Unreviewed | CVE-2018-10469 was published May 14, 2022

A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2,...
Critical | Unreviewed | CVE-2018-10375 was published May 14, 2022

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16...
Critical | Unreviewed | CVE-2016-10036 was published May 14, 2022

modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4...
Critical | Unreviewed | CVE-2018-10942 was published May 14, 2022

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the...
Critical | Unreviewed | CVE-2018-11331 was published May 14, 2022

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2...
Critical | Unreviewed | CVE-2018-10648 was published May 14, 2022

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
Critical | Unreviewed | CVE-2018-11523 was published May 14, 2022

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert...
Critical | Unreviewed | CVE-2018-12051 was published May 14, 2022

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers...
Critical | Unreviewed | CVE-2018-11736 was published May 14, 2022

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede...
Critical | Unreviewed | CVE-2018-12045 was published May 14, 2022

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework...
Critical | Unreviewed | CVE-2018-12491 was published May 14, 2022

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an...
Critical | Unreviewed | CVE-2018-11221 was published May 14, 2022

A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a...
Critical | Unreviewed | CVE-2018-12914 was published May 14, 2022

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to...
Critical | Unreviewed | CVE-2018-13981 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.