GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,430 advisories
Filter by severity
The "Log alert to a file" action within action management enables any Orion Platform user with...
High
Unreviewed
CVE-2021-35244
was published
Dec 21, 2021
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An...
High
Unreviewed
CVE-2021-41870
was published
Dec 16, 2021
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an...
Critical
Unreviewed
CVE-2021-41560
was published
Dec 16, 2021
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
Critical
Unreviewed
CVE-2021-40883
was published
Dec 15, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution...
Critical
Unreviewed
CVE-2021-43117
was published
Dec 14, 2021
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading...
High
Unreviewed
CVE-2021-27984
was published
Dec 11, 2021
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior...
High
Unreviewed
CVE-2021-27860
was published
Dec 9, 2021
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The...
High
Unreviewed
CVE-2021-36719
was published
Dec 9, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report...
High
Unreviewed
CVE-2021-21957
was published
Dec 9, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High
Unreviewed
CVE-2021-42125
was published
Dec 8, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI...
Critical
Unreviewed
CVE-2021-43936
was published
Dec 7, 2021
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute...
High
Unreviewed
CVE-2020-29176
was published
Dec 4, 2021
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s...
High
Unreviewed
CVE-2021-42123
was published
Dec 1, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
Critical
Unreviewed
CVE-2021-42099
was published
Dec 1, 2021
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could...
High
Unreviewed
CVE-2021-44094
was published
Nov 29, 2021
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Moderate
CVE-2021-43617
was published
for
laravel/framework
(Composer)
Nov 16, 2021
•
withdrawn
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-3915
was published
for
ssddanbrown/bookstack
(Composer)
Nov 15, 2021
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Drupal core Unrestricted Upload of File with Dangerous Type
High
CVE-2020-13671
was published
for
drupal/core
(Composer)
Oct 12, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
High
CVE-2021-40324
was published
for
cobbler
(pip)
Oct 5, 2021
Arbitrary Code Execution in feehi/cms
High
CVE-2020-21322
was published
for
feehi/cms
(Composer)
Sep 20, 2021
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Arbitrary file upload in Fork CMS
High
CVE-2021-28931
was published
for
forkcms/forkcms
(Composer)
Sep 8, 2021
ProTip!
Advisories are also available from the
GraphQL API