GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
921 advisories
CVE-2022-26965 (High, Unreviewed; published Mar 19, 2022): In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action...
CVE-2022-25602 (High, Unreviewed; published Mar 19, 2022): Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings...
CVE-2022-24387 (High, Unreviewed; published Mar 15, 2022): With administrator or admin privileges the application can be tricked into overwriting files in...
CVE-2021-43970 (High, Unreviewed; published Mar 11, 2022): An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ...
CVE-2022-26521 (High, Unreviewed; published Mar 11, 2022): Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by...
CVE-2021-24216 (High, Unreviewed; published Mar 8, 2022): The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'...
CVE-2022-0440 (High, Unreviewed; published Mar 8, 2022): The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to...
CVE-2022-25115 (High, Unreviewed; published Mar 4, 2022): A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user...
CVE-2022-24251 (High, Unreviewed; published Mar 3, 2022): Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload...
CVE-2022-24253 (High, Unreviewed; published Mar 3, 2022): Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload...
CVE-2022-24252 (High, Unreviewed; published Mar 3, 2022): An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis...
CVE-2022-24254 (High, Unreviewed; published Mar 3, 2022): An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis...
CVE-2022-23906 (High, Unreviewed; published Mar 2, 2022): CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability...
CVE-2021-44967 (High, Unreviewed; published Feb 25, 2022): A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install...
CVE-2022-25360 (High, Unreviewed; published Feb 25, 2022): WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged...
CVE-2021-44664 (High, Unreviewed; published Feb 25, 2022): An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in...
CVE-2022-23375 (High, Unreviewed; published Feb 20, 2022): WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can...
CVE-2022-23048 (High, Unreviewed; published Feb 11, 2022): Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in...
CVE-2022-24262 (High, Unreviewed; published Feb 10, 2022): The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent...
CVE-2022-24676 (High, Unreviewed; published Feb 10, 2022): update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP...
CVE-2021-46360 (High, Unreviewed; published Feb 10, 2022): Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote...
CVE-2021-37194 (High, Unreviewed; published Feb 10, 2022): A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)...
CVE-2021-46097 (High, Unreviewed; published Jan 28, 2022): Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php...
CVE-2021-44123 (High, Unreviewed; published Jan 27, 2022): SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,...
CVE-2021-46115 (High, Unreviewed; published Jan 27, 2022): jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The...