GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,135
Composer 4,081
Erlang 29
GitHub Actions 19
Go 1,909
Maven 5,106
npm 3,642
NuGet 638
pip 3,258
Pub 10
RubyGems 869
Rust 820
Swift 35

Unreviewed advisories

All unreviewed 229,032

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

358 advisories

Filter by severity

Sort by

Least recently updated

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management... Moderate Unreviewed

CVE-2021-46078 was published Jan 7, 2022

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before... Moderate Unreviewed

CVE-2022-23026 was published Jan 26, 2022

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress... Moderate Unreviewed

CVE-2021-24960 was published Mar 8, 2022

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Moderate Unreviewed

CVE-2022-1045 was published Apr 12, 2022

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which... Moderate Unreviewed

CVE-2004-2262 was published Apr 29, 2022

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote... Moderate Unreviewed

CVE-2001-1099 was published Apr 30, 2022

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that... Moderate Unreviewed

CVE-2002-1841 was published Apr 30, 2022

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for... Moderate Unreviewed

CVE-2005-0254 was published May 1, 2022

Mailsite Express allows remote attackers to upload and execute files with executable extensions... Moderate Unreviewed

CVE-2005-3288 was published May 1, 2022

add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading... Moderate Unreviewed

CVE-2006-2428 was published May 1, 2022

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users... Moderate Unreviewed

CVE-2006-4471 was published May 1, 2022

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated... Moderate Unreviewed

CVE-2006-5845 was published May 1, 2022

Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier,... Moderate Unreviewed

CVE-2006-6994 was published May 1, 2022

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG... Moderate Unreviewed

CVE-2016-10258 was published May 13, 2022

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed

CVE-2018-15424 was published May 13, 2022

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload... Moderate Unreviewed

CVE-2018-4921 was published May 13, 2022

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for... Moderate Unreviewed

CVE-2018-0587 was published May 13, 2022

On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user... Moderate Unreviewed

CVE-2018-15333 was published May 13, 2022

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via... Moderate Unreviewed

CVE-2017-11404 was published May 13, 2022

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via... Moderate Unreviewed

CVE-2017-11405 was published May 13, 2022

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a... Moderate Unreviewed

CVE-2019-9692 was published May 14, 2022

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to... Moderate Unreviewed

CVE-2019-8394 was published May 14, 2022

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5,... Moderate Unreviewed

CVE-2018-16097 was published May 14, 2022

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system... Moderate Unreviewed

CVE-2018-16093 was published May 14, 2022

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative... Moderate Unreviewed

CVE-2018-19420 was published May 14, 2022

Previous 1 2 3 4 5 … 14 15 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

358 advisories