GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,479 advisories
Unrestricted Upload of File with Dangerous Type in Payload
Critical
CVE-2022-27952 was published for payload (npm) Apr 13, 2022
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows...
Critical
Unreviewed
CVE-2022-27262 was published Apr 13, 2022
Express-FileUpload Arbitrary File Overwrite
High
CVE-2022-27261 was published for express-fileupload (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS
Critical
CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1...
Critical
Unreviewed
CVE-2022-27140 was published Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Strapi
Critical
CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This...
Critical
Unreviewed
CVE-2022-1345 was published Apr 14, 2022
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5...
Critical
Unreviewed
CVE-2022-27862 was published Apr 20, 2022
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of...
High
Unreviewed
CVE-2022-1329 was published Apr 20, 2022
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This...
Critical
Unreviewed
CVE-2022-29464 was published Apr 20, 2022
TYPO3 Arbitrary Code Execution vulnerability on the backend
High
CVE-2010-3663 was published for typo3/cms-backend (Composer) Apr 21, 2022
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the...
Critical
Unreviewed
CVE-2010-1433 was published Apr 21, 2022
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code...
High
Unreviewed
CVE-2022-28440 was published Apr 22, 2022
Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE)...
Critical
Unreviewed
CVE-2022-28021 was published Apr 22, 2022
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the...
High
Unreviewed
CVE-2022-27478 was published Apr 22, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP...
High
Unreviewed
CVE-2022-27925 was published Apr 22, 2022
Unrestricted Upload of File with Dangerous Type in Apache Struts2
High
CVE-2012-1592 was published for org.apache.struts:struts2-core (Maven) Apr 23, 2022
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files...
High
Unreviewed
CVE-2022-22392 was published Apr 26, 2022
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users,...
High
Unreviewed
CVE-2021-4225 was published Apr 26, 2022
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not...
High
Unreviewed
CVE-2021-39040 was published Apr 26, 2022
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior...
High
Unreviewed
CVE-2021-25094 was published Apr 26, 2022
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload...
High
Unreviewed
CVE-2022-28053 was published Apr 26, 2022
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin...
High
Unreviewed
CVE-2022-28525 was published Apr 27, 2022