Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

358 advisories

Loading
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Moderate Unreviewed
CVE-2022-1045 was published Apr 12, 2022
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows... Moderate Unreviewed
CVE-2020-5844 was published May 24, 2022
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact... Moderate Unreviewed
CVE-2020-29450 was published May 24, 2022
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2015-4463 was published May 17, 2022
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5... Moderate Unreviewed
CVE-2015-4462 was published May 17, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39017 was published Jul 15, 2022
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low... Moderate Unreviewed
CVE-2017-7989 was published May 17, 2022
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an... Moderate Unreviewed
CVE-2016-8973 was published May 17, 2022
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before... Moderate Unreviewed
CVE-2015-4524 was published May 17, 2022
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine ... Moderate Unreviewed
CVE-2016-2914 was published May 17, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0... Moderate Unreviewed
CVE-2022-22482 was published May 18, 2022
This vulnerability allows remote attackers to create arbitrary files on affected installations of... Moderate Unreviewed
CVE-2020-8866 was published May 24, 2022
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with... Moderate Unreviewed
CVE-2019-19493 was published May 24, 2022
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker... Moderate Unreviewed
CVE-2019-18320 was published May 24, 2022
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote... Moderate Unreviewed
CVE-2019-19141 was published May 24, 2022
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update... Moderate Unreviewed
CVE-2019-19925 was published May 24, 2022
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle... Moderate Unreviewed
CVE-2020-2730 was published May 24, 2022
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser... Moderate Unreviewed
CVE-2015-0258 was published May 24, 2022
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote... Moderate Unreviewed
CVE-2020-10386 was published May 24, 2022
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote... Moderate Unreviewed
CVE-2020-8639 was published May 24, 2022
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command... Moderate Unreviewed
CVE-2020-11629 was published May 24, 2022
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must... Moderate Unreviewed
CVE-2020-25042 was published May 24, 2022
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer... Moderate Unreviewed
CVE-2020-1255 was published May 24, 2022
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows... Moderate Unreviewed
CVE-2019-20897 was published May 24, 2022
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="... Moderate Unreviewed
CVE-2020-23574 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database