GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
472 advisories
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to...
Moderate
Unreviewed
CVE-2020-0971 was published May 24, 2022
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command...
Moderate
Unreviewed
CVE-2020-11629 was published May 24, 2022
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote...
Moderate
Unreviewed
CVE-2020-8639 was published May 24, 2022
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
Moderate
Unreviewed
CVE-2020-10934 was published May 24, 2022
This vulnerability allows remote attackers to create arbitrary files on affected installations of...
Moderate
Unreviewed
CVE-2020-8866 was published May 24, 2022
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows...
Moderate
Unreviewed
CVE-2020-5844 was published May 24, 2022
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote...
Moderate
Unreviewed
CVE-2020-10386 was published May 24, 2022
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file...
Moderate
Unreviewed
CVE-2020-8500 was published May 24, 2022
DNN File Upload Vulnerability
Moderate
CVE-2020-5188 was published for DotNetNuke.Core (NuGet) May 24, 2022
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This...
Moderate
Unreviewed
CVE-2020-9320 was published May 24, 2022
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser...
Moderate
Unreviewed
CVE-2015-0258 was published May 24, 2022
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle...
Moderate
Unreviewed
CVE-2020-2730 was published May 24, 2022
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an...
Moderate
Unreviewed
CVE-2020-5509 was published May 24, 2022
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update...
Moderate
Unreviewed
CVE-2019-19925 was published May 24, 2022
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote...
Moderate
Unreviewed
CVE-2019-19141 was published May 24, 2022
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker...
Moderate
Unreviewed
CVE-2019-18320 was published May 24, 2022
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One...
Moderate
Unreviewed
CVE-2019-11216 was published May 24, 2022
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with...
Moderate
Unreviewed
CVE-2019-19493 was published May 24, 2022
Magento Unrestricted file upload vulnerability
Moderate
CVE-2019-8140 was published for magento/community-edition (Composer) May 24, 2022
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local...
Moderate
Unreviewed
CVE-2019-17325 was published May 24, 2022
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the...
Moderate
Unreviewed
CVE-2019-17536 was published May 24, 2022
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to...
Moderate
Unreviewed
CVE-2019-14916 was published May 24, 2022
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation...
Moderate
Unreviewed
CVE-2019-14748 was published May 24, 2022
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload...
Moderate
Unreviewed
CVE-2018-20925 was published May 24, 2022
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload...
Moderate
Unreviewed
CVE-2019-4056 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.