Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,470 advisories

Loading
Arbitrary file upload in Mingsoft MCMS Critical
CVE-2022-23315 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
Arbitrary File Upload in Mingsoft MCMS Critical
CVE-2022-22929 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before... Moderate Unreviewed
CVE-2022-23026 was published Jan 26, 2022
In ForestBlog, as of 2021-12-28, File upload can bypass verification. Critical Unreviewed
CVE-2021-46033 was published Jan 26, 2022
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution... High Unreviewed
CVE-2021-46113 was published Jan 26, 2022
Mingsoft MCMS vulnerable to Remote Code Execution via file upload. Critical
CVE-2021-46386 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController... High Unreviewed
CVE-2021-46116 was published Jan 27, 2022
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The... High Unreviewed
CVE-2021-46115 was published Jan 27, 2022
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,... High Unreviewed
CVE-2021-44123 was published Jan 27, 2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1... Critical Unreviewed
CVE-2021-46428 was published Jan 28, 2022
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php... High Unreviewed
CVE-2021-46097 was published Jan 28, 2022
Unrestricted Upload of File with Dangerous Type in motionEye High
CVE-2021-44255 was published for motioneye (pip) Feb 1, 2022
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom Moderate
CVE-2022-0472 was published for jsdecena/laracom (Composer) Feb 6, 2022
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)... High Unreviewed
CVE-2021-37194 was published Feb 10, 2022
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote... High Unreviewed
CVE-2021-46360 was published Feb 10, 2022
update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP... High Unreviewed
CVE-2022-24676 was published Feb 10, 2022
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows... Critical Unreviewed
CVE-2022-23329 was published Feb 10, 2022
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent... High Unreviewed
CVE-2022-24262 was published Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP Moderate
CVE-2020-15839 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 10, 2022
Unrestricted Uploads in Concrete5 Moderate
CVE-2020-14961 was published for concrete5/concrete5 (Composer) Feb 10, 2022
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in... High Unreviewed
CVE-2022-23048 was published Feb 11, 2022
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead... Critical Unreviewed
CVE-2021-22803 was published Feb 12, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary... Critical Unreviewed
CVE-2022-23390 was published Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database