GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
873 advisories
Filter by severity
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
Critical
Unreviewed
CVE-2021-42099
was published
Dec 1, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI...
Critical
Unreviewed
CVE-2021-43936
was published
Dec 7, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution...
Critical
Unreviewed
CVE-2021-43117
was published
Dec 14, 2021
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
Critical
Unreviewed
CVE-2021-40883
was published
Dec 15, 2021
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an...
Critical
Unreviewed
CVE-2021-41560
was published
Dec 16, 2021
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special...
Critical
Unreviewed
CVE-2021-44164
was published
Dec 21, 2021
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker...
Critical
Unreviewed
CVE-2021-44159
was published
Dec 21, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles...
Critical
Unreviewed
CVE-2021-44031
was published
Dec 23, 2021
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database...
Critical
Unreviewed
CVE-2021-45411
was published
Jan 13, 2022
An unrestricted file upload vulnerability exists in Sourcecodester Free school management...
Critical
Unreviewed
CVE-2021-46013
was published
Jan 19, 2022
SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows...
Critical
Unreviewed
CVE-2021-38697
was published
Jan 19, 2022
In ForestBlog, as of 2021-12-28, File upload can bypass verification.
Critical
Unreviewed
CVE-2021-46033
was published
Jan 26, 2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1...
Critical
Unreviewed
CVE-2021-46428
was published
Jan 28, 2022
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows...
Critical
Unreviewed
CVE-2022-23329
was published
Feb 10, 2022
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead...
Critical
Unreviewed
CVE-2021-22803
was published
Feb 12, 2022
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary...
Critical
Unreviewed
CVE-2022-23390
was published
Feb 15, 2022
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow...
Critical
Unreviewed
CVE-2022-24984
was published
Feb 17, 2022
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function...
Critical
Unreviewed
CVE-2022-24553
was published
Feb 22, 2022
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows...
Critical
Unreviewed
CVE-2022-25411
was published
Mar 2, 2022
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload...
Critical
Unreviewed
CVE-2022-25016
was published
Mar 3, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical
Unreviewed
CVE-2022-24652
was published
Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical
Unreviewed
CVE-2022-24651
was published
Mar 11, 2022
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow...
Critical
Unreviewed
CVE-2021-25003
was published
Mar 15, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to...
Critical
Unreviewed
CVE-2022-25495
was published
Mar 16, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin...
Critical
Unreviewed
CVE-2022-25487
was published
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API