GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
455 advisories
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows...
Moderate | Unreviewed | CVE-2019-20897 was published May 24, 2022

When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="...
Moderate | Unreviewed | CVE-2020-23574 was published May 24, 2022

The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file...
Moderate | Unreviewed | CVE-2020-24948 was published May 24, 2022

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must...
Moderate | Unreviewed | CVE-2020-25042 was published May 24, 2022

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users...
Moderate | Unreviewed | CVE-2020-26583 was published May 24, 2022

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An...
Moderate | Unreviewed | CVE-2020-29441 was published May 24, 2022

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an...
Moderate | Unreviewed | CVE-2020-26826 was published May 24, 2022

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload...
Moderate | Unreviewed | CVE-2020-26828 was published May 24, 2022

Affected versions of Atlassian Crucible allow remote attackers to impact the application's...
Moderate | Unreviewed | CVE-2020-29447 was published May 24, 2022

IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information...
Moderate | Unreviewed | CVE-2020-4918 was published May 24, 2022

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By...
Moderate | Unreviewed | CVE-2020-4928 was published May 24, 2022

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact...
Moderate | Unreviewed | CVE-2020-29450 was published May 24, 2022

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web...
Moderate | Unreviewed | CVE-2021-26597 was published May 24, 2022

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local...
Moderate | Unreviewed | CVE-2020-19642 was published May 24, 2022

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before...
Moderate | Unreviewed | CVE-2021-23001 was published May 24, 2022

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded...
Moderate | Unreviewed | CVE-2021-30209 was published May 24, 2022

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.
Moderate | Unreviewed | CVE-2021-29022 was published May 24, 2022

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7...
Moderate | Unreviewed | CVE-2021-27618 was published May 24, 2022

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and...
Moderate | Unreviewed | CVE-2020-21005 was published May 24, 2022

IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary...
Moderate | Unreviewed | CVE-2021-29699 was published May 24, 2022

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via...
Moderate | Unreviewed | CVE-2020-20691 was published May 24, 2022

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate | Unreviewed | CVE-2021-3745 was published May 24, 2022

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate | Unreviewed | CVE-2021-3906 was published May 24, 2022

Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate | CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022

RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
Moderate | CVE-2022-32065 was published for com.ruoyi:ruoyi (Maven) Jul 14, 2022

ProTip! Advisories are also available from the GraphQL API.