Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

773 advisories

Loading
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin... Critical Unreviewed
CVE-2018-14441 was published May 14, 2022
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of... Critical Unreviewed
CVE-2018-14334 was published May 14, 2022
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level... Critical Unreviewed
CVE-2017-7357 was published May 14, 2022
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html... Critical Unreviewed
CVE-2018-15137 was published May 14, 2022
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be... Critical Unreviewed
CVE-2018-16352 was published May 14, 2022
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default... Critical Unreviewed
CVE-2018-16731 was published May 14, 2022
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class... Critical Unreviewed
CVE-2018-15882 was published May 14, 2022
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0... Critical Unreviewed
CVE-2015-9263 was published May 14, 2022
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config... Critical Unreviewed
CVE-2014-10074 was published May 14, 2022
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Critical Unreviewed
CVE-2018-16287 was published May 14, 2022
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team... Critical Unreviewed
CVE-2018-16370 was published May 14, 2022
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an... Critical Unreviewed
CVE-2018-17440 was published May 14, 2022
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of... Critical Unreviewed
CVE-2018-17573 was published May 14, 2022
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows... Critical Unreviewed
CVE-2015-9271 was published May 14, 2022
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the... Critical Unreviewed
CVE-2018-18752 was published May 14, 2022
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta Critical Unreviewed
CVE-2018-9208 was published May 14, 2022
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload... Critical Unreviewed
CVE-2018-18874 was published May 14, 2022
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute... Critical Unreviewed
CVE-2018-19126 was published May 14, 2022
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. Critical Unreviewed
CVE-2018-0645 was published May 14, 2022
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action... Critical Unreviewed
CVE-2018-18793 was published May 14, 2022
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote... Critical Unreviewed
CVE-2018-19692 was published May 14, 2022
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend... Critical Unreviewed
CVE-2018-18888 was published May 14, 2022
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files... Critical Unreviewed
CVE-2018-6152 was published May 14, 2022
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of... Critical Unreviewed
CVE-2018-7836 was published May 14, 2022
ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could... Critical Unreviewed
CVE-2018-5204 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database