Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,470 advisories

Loading
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker... Critical Unreviewed
CVE-2021-40954 was published Jun 24, 2022
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-42037 was published Oct 12, 2022
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code... Critical Unreviewed
CVE-2022-42040 was published Oct 12, 2022
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-42044 was published Oct 12, 2022
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-42043 was published Oct 12, 2022
The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-42039 was published Oct 12, 2022
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can... Critical Unreviewed
CVE-2021-42675 was published Jun 15, 2022
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which... High Unreviewed
CVE-2022-1939 was published Jun 21, 2022
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload... Critical Unreviewed
CVE-2021-40940 was published Jun 16, 2022
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0... Critical Unreviewed
CVE-2022-31374 was published Jun 22, 2022
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-41384 was published Oct 12, 2022
The d8s-file-system package for Python, as distributed on PyPI, included a potential code... Critical Unreviewed
CVE-2022-42041 was published Oct 12, 2022
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-42036 was published Oct 12, 2022
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management... High Unreviewed
CVE-2022-41406 was published Oct 12, 2022
LRM does not restrict the types of files that can be uploaded to the affected product. A... Critical Unreviewed
CVE-2022-1519 was published Jun 25, 2022
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use... High Unreviewed
CVE-2021-37770 was published Jul 1, 2022
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of... High Unreviewed
CVE-2022-1329 was published Apr 20, 2022
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary... Critical Unreviewed
CVE-2021-38945 was published Jun 25, 2022
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Critical Unreviewed
CVE-2022-2128 was published Jun 21, 2022
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-41385 was published Oct 12, 2022
The d8s-networking package for Python, as distributed on PyPI, included a potential code... Critical Unreviewed
CVE-2022-42042 was published Oct 12, 2022
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution... Critical Unreviewed
CVE-2022-41386 was published Oct 12, 2022
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code... Critical Unreviewed
CVE-2022-42038 was published Oct 12, 2022
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the... High Unreviewed
CVE-2022-40921 was published Oct 12, 2022
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and... High Unreviewed
CVE-2022-2268 was published Jul 5, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database