Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

769 advisories

Loading
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Critical Unreviewed
CVE-2021-42099 was published Dec 1, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI... Critical Unreviewed
CVE-2021-43936 was published Dec 7, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution... Critical Unreviewed
CVE-2021-43117 was published Dec 14, 2021
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Critical Unreviewed
CVE-2021-40883 was published Dec 15, 2021
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an... Critical Unreviewed
CVE-2021-41560 was published Dec 16, 2021
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker... Critical Unreviewed
CVE-2021-44159 was published Dec 21, 2021
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special... Critical Unreviewed
CVE-2021-44164 was published Dec 21, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles... Critical Unreviewed
CVE-2021-44031 was published Dec 23, 2021
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database... Critical Unreviewed
CVE-2021-45411 was published Jan 13, 2022
An unrestricted file upload vulnerability exists in Sourcecodester Free school management... Critical Unreviewed
CVE-2021-46013 was published Jan 19, 2022
SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows... Critical Unreviewed
CVE-2021-38697 was published Jan 19, 2022
In ForestBlog, as of 2021-12-28, File upload can bypass verification. Critical Unreviewed
CVE-2021-46033 was published Jan 26, 2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1... Critical Unreviewed
CVE-2021-46428 was published Jan 28, 2022
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows... Critical Unreviewed
CVE-2022-23329 was published Feb 10, 2022
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead... Critical Unreviewed
CVE-2021-22803 was published Feb 12, 2022
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary... Critical Unreviewed
CVE-2022-23390 was published Feb 15, 2022
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow... Critical Unreviewed
CVE-2022-24984 was published Feb 17, 2022
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function... Critical Unreviewed
CVE-2022-24553 was published Feb 22, 2022
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows... Critical Unreviewed
CVE-2022-25411 was published Mar 2, 2022
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload... Critical Unreviewed
CVE-2022-25016 was published Mar 3, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24651 was published Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24652 was published Mar 11, 2022
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow... Critical Unreviewed
CVE-2021-25003 was published Mar 15, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to... Critical Unreviewed
CVE-2022-25495 was published Mar 16, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin... Critical Unreviewed
CVE-2022-25487 was published Mar 16, 2022
ProTip! Advisories are also available from the GraphQL API