GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
773 advisories
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin...
Critical | Unreviewed | CVE-2018-14441 was published May 14, 2022
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of...
Critical | Unreviewed | CVE-2018-14334 was published May 14, 2022
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level...
Critical | Unreviewed | CVE-2017-7357 was published May 14, 2022
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html...
Critical | Unreviewed | CVE-2018-15137 was published May 14, 2022
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be...
Critical | Unreviewed | CVE-2018-16352 was published May 14, 2022
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default...
Critical | Unreviewed | CVE-2018-16731 was published May 14, 2022
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class...
Critical | Unreviewed | CVE-2018-15882 was published May 14, 2022
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0...
Critical | Unreviewed | CVE-2015-9263 was published May 14, 2022
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config...
Critical | Unreviewed | CVE-2014-10074 was published May 14, 2022
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
Critical | Unreviewed | CVE-2018-16287 was published May 14, 2022
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team...
Critical | Unreviewed | CVE-2018-16370 was published May 14, 2022
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an...
Critical | Unreviewed | CVE-2018-17440 was published May 14, 2022
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of...
Critical | Unreviewed | CVE-2018-17573 was published May 14, 2022
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows...
Critical | Unreviewed | CVE-2015-9271 was published May 14, 2022
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the...
Critical | Unreviewed | CVE-2018-18752 was published May 14, 2022
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
Critical | Unreviewed | CVE-2018-9208 was published May 14, 2022
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload...
Critical | Unreviewed | CVE-2018-18874 was published May 14, 2022
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute...
Critical | Unreviewed | CVE-2018-19126 was published May 14, 2022
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.
Critical | Unreviewed | CVE-2018-0645 was published May 14, 2022
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action...
Critical | Unreviewed | CVE-2018-18793 was published May 14, 2022
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote...
Critical | Unreviewed | CVE-2018-19692 was published May 14, 2022
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend...
Critical | Unreviewed | CVE-2018-18888 was published May 14, 2022
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files...
Critical | Unreviewed | CVE-2018-6152 was published May 14, 2022
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of...
Critical | Unreviewed | CVE-2018-7836 was published May 14, 2022
ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could...
Critical | Unreviewed | CVE-2018-5204 was published May 14, 2022