GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
397 advisories
Filter by severity
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
Moderate
Unreviewed
CVE-2022-1045
was published
Apr 12, 2022
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows...
Moderate
Unreviewed
CVE-2020-5844
was published
May 24, 2022
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact...
Moderate
Unreviewed
CVE-2020-29450
was published
May 24, 2022
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to...
Moderate
Unreviewed
CVE-2015-4463
was published
May 17, 2022
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5...
Moderate
Unreviewed
CVE-2015-4462
was published
May 17, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could...
Moderate
Unreviewed
CVE-2021-39017
was published
Jul 15, 2022
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low...
Moderate
Unreviewed
CVE-2017-7989
was published
May 17, 2022
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an...
Moderate
Unreviewed
CVE-2016-8973
was published
May 17, 2022
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before...
Moderate
Unreviewed
CVE-2015-4524
was published
May 17, 2022
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine ...
Moderate
Unreviewed
CVE-2016-2914
was published
May 17, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0...
Moderate
Unreviewed
CVE-2022-22482
was published
May 18, 2022
This vulnerability allows remote attackers to create arbitrary files on affected installations of...
Moderate
Unreviewed
CVE-2020-8866
was published
May 24, 2022
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with...
Moderate
Unreviewed
CVE-2019-19493
was published
May 24, 2022
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker...
Moderate
Unreviewed
CVE-2019-18320
was published
May 24, 2022
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote...
Moderate
Unreviewed
CVE-2019-19141
was published
May 24, 2022
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update...
Moderate
Unreviewed
CVE-2019-19925
was published
May 24, 2022
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle...
Moderate
Unreviewed
CVE-2020-2730
was published
May 24, 2022
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser...
Moderate
Unreviewed
CVE-2015-0258
was published
May 24, 2022
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote...
Moderate
Unreviewed
CVE-2020-10386
was published
May 24, 2022
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote...
Moderate
Unreviewed
CVE-2020-8639
was published
May 24, 2022
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command...
Moderate
Unreviewed
CVE-2020-11629
was published
May 24, 2022
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must...
Moderate
Unreviewed
CVE-2020-25042
was published
May 24, 2022
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer...
Moderate
Unreviewed
CVE-2020-1255
was published
May 24, 2022
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows...
Moderate
Unreviewed
CVE-2019-20897
was published
May 24, 2022
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="...
Moderate
Unreviewed
CVE-2020-23574
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API