GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,684 advisories
Filter by severity
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This...
Critical
Unreviewed
CVE-2022-1345
was published
Apr 14, 2022
Unrestricted Upload of File with Dangerous Type in Strapi
Critical
CVE-2022-27263
was published
for
strapi
(npm)
Apr 13, 2022
An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1...
Critical
Unreviewed
CVE-2022-27140
was published
Apr 13, 2022
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows...
Critical
Unreviewed
CVE-2022-27262
was published
Apr 13, 2022
Express-FileUpload Arbitrary File Overwrite
High
CVE-2022-27261
was published
for
express-fileupload
(npm)
Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS
Critical
CVE-2022-27260
was published
for
buttercms
(npm)
Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload
Critical
CVE-2022-27952
was published
for
payload
(npm)
Apr 13, 2022
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
Moderate
Unreviewed
CVE-2022-1045
was published
Apr 12, 2022
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file,...
High
Unreviewed
CVE-2022-1008
was published
Apr 12, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61
Critical
CVE-2022-27115
was published
for
studio-42/elfinder
(Composer)
Apr 12, 2022
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to...
Critical
Unreviewed
CVE-2022-27131
was published
Apr 11, 2022
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to...
Critical
Unreviewed
CVE-2022-27129
was published
Apr 11, 2022
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at ...
Critical
Unreviewed
CVE-2022-27477
was published
Apr 11, 2022
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via ...
Critical
Unreviewed
CVE-2022-27357
was published
Apr 9, 2022
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via...
High
Unreviewed
CVE-2022-27349
was published
Apr 9, 2022
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via...
High
Unreviewed
CVE-2022-27064
was published
Apr 9, 2022
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post...
High
Unreviewed
CVE-2022-27061
was published
Apr 9, 2022
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability...
High
Unreviewed
CVE-2022-27352
was published
Apr 9, 2022
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via ...
High
Unreviewed
CVE-2022-27346
was published
Apr 9, 2022
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ...
Critical
Unreviewed
CVE-2022-27351
was published
Apr 9, 2022
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin...
High
Unreviewed
CVE-2021-46367
was published
Apr 9, 2022
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.
Critical
Unreviewed
CVE-2022-27047
was published
Apr 9, 2022
Infinite loop in .Net Bond
High
CVE-2020-1469
was published
for
Bond.Core.CSharp
(NuGet)
Apr 8, 2022
ProTip!
Advisories are also available from the
GraphQL API