GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
769 advisories
Filter by severity
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the...
Critical
Unreviewed
CVE-2024-46377
was published
Sep 18, 2024
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online...
Critical
Unreviewed
CVE-2024-27115
was published
Sep 11, 2024
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in...
Critical
Unreviewed
CVE-2024-44849
was published
Sep 9, 2024
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of...
Critical
Unreviewed
CVE-2024-8463
was published
Sep 5, 2024
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute...
Critical
Unreviewed
CVE-2024-45076
was published
Sep 4, 2024
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of...
Critical
Unreviewed
CVE-2024-42777
was published
Aug 21, 2024
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary...
Critical
Unreviewed
CVE-2024-42563
was published
Aug 20, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows...
Critical
Unreviewed
CVE-2024-43249
was published
Aug 19, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-39397
was published
Aug 14, 2024
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter,...
Critical
Unreviewed
CVE-2024-7732
was published
Aug 14, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection...
Critical
Unreviewed
CVE-2024-43160
was published
Aug 13, 2024
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in...
Critical
Unreviewed
CVE-2024-6117
was published
Aug 5, 2024
The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary...
Critical
Unreviewed
CVE-2024-7257
was published
Aug 3, 2024
The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2024-6220
was published
Jul 17, 2024
Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an...
Critical
Unreviewed
CVE-2024-40394
was published
Jul 16, 2024
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1...
Critical
Unreviewed
CVE-2024-40425
was published
Jul 16, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import...
Critical
Unreviewed
CVE-2024-38734
was published
Jul 12, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX...
Critical
Unreviewed
CVE-2024-38736
was published
Jul 12, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site...
Critical
Unreviewed
CVE-2024-37420
was published
Jul 9, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks...
Critical
Unreviewed
CVE-2024-37424
was published
Jul 9, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows...
Critical
Unreviewed
CVE-2024-37418
was published
Jul 9, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using...
Critical
Unreviewed
CVE-2024-37555
was published
Jul 9, 2024
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to...
Critical
Unreviewed
CVE-2024-37762
was published
Jul 2, 2024
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web...
Critical
Unreviewed
CVE-2024-5827
was published
Jun 29, 2024
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry...
Critical
Unreviewed
CVE-2024-35527
was published
Jun 26, 2024
ProTip!
Advisories are also available from the
GraphQL API