GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
773 advisories
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download...
Critical | Unreviewed | CVE-2017-1002016 was published May 13, 2022

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file...
Critical | Unreviewed | CVE-2017-1002008 was published May 13, 2022

Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard...
Critical | Unreviewed | CVE-2017-15990 was published May 13, 2022

modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop ...
Critical | Unreviewed | CVE-2018-19355 was published May 13, 2022

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical | Unreviewed | CVE-2018-15961 was published May 13, 2022

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar)...
Critical | Unreviewed | CVE-2017-1000081 was published May 13, 2022

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Critical | Unreviewed | CVE-2018-18475 was published May 13, 2022

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a...
Critical | Unreviewed | CVE-2018-6411 was published May 13, 2022

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated...
Critical | Unreviewed | CVE-2018-12426 was published May 13, 2022

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in...
Critical | Unreviewed | CVE-2018-13038 was published May 13, 2022

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload...
Critical | Unreviewed | CVE-2019-6139 was published May 13, 2022

An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013....
Critical | Unreviewed | CVE-2018-3832 was published May 13, 2022

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File...
Critical | Unreviewed | CVE-2022-30448 was published May 12, 2022

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this...
Critical | Unreviewed | CVE-2021-42645 was published May 11, 2022

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching...
Critical | Unreviewed | CVE-2022-28120 was published May 6, 2022

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd....
Critical | Unreviewed | CVE-2022-28606 was published May 6, 2022

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework...
Critical | Unreviewed | CVE-2013-20002 was published May 5, 2022

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image...
Critical | Unreviewed | CVE-2022-28568 was published May 5, 2022

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2022-29347 was published May 5, 2022

novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can...
Critical | Unreviewed | CVE-2021-41921 was published Apr 29, 2022

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate...
Critical | Unreviewed | CVE-2021-43934 was published Apr 29, 2022

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to...
Critical | Unreviewed | CVE-2022-27468 was published Apr 27, 2022

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE)...
Critical | Unreviewed | CVE-2022-28021 was published Apr 22, 2022

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the...
Critical | Unreviewed | CVE-2010-1433 was published Apr 21, 2022

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This...
Critical | Unreviewed | CVE-2022-29464 was published Apr 20, 2022

ProTip! Advisories are also available from the GraphQL API