GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,079 advisories
Filter by severity
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
could be vulnerable...
High
Unreviewed
CVE-2024-40695
was published
Dec 20, 2024
There is an unrestricted file upload vulnerability where it is possible for an authenticated user...
High
Unreviewed
CVE-2024-12700
was published
Dec 20, 2024
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2024-9698
was published
Dec 14, 2024
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High
Unreviewed
CVE-2024-10590
was published
Dec 12, 2024
If the attacker has access to a valid Poweruser session, remote code execution is possible...
High
Unreviewed
CVE-2024-47946
was published
Dec 10, 2024
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload...
High
Unreviewed
CVE-2024-50625
was published
Dec 10, 2024
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due...
High
Unreviewed
CVE-2024-10578
was published
Dec 6, 2024
Dangerous File Upload vulnerabilities allow upload of malicious scripts.
Affected products:
...
High
Unreviewed
CVE-2024-51548
was published
Dec 5, 2024
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of...
High
Unreviewed
CVE-2024-46625
was published
Dec 4, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
High
CVE-2024-53863
was published
for
matrix-synapse
(pip)
Dec 3, 2024
IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not...
High
Unreviewed
CVE-2024-40691
was published
Dec 3, 2024
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2024-11391
was published
Dec 3, 2024
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due...
High
Unreviewed
CVE-2024-8066
was published
Nov 28, 2024
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored...
High
Unreviewed
CVE-2024-9504
was published
Nov 26, 2024
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file...
High
Unreviewed
CVE-2024-9660
was published
Nov 23, 2024
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute...
High
Unreviewed
CVE-2024-51364
was published
Nov 21, 2024
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0...
High
Unreviewed
CVE-2024-52769
was published
Nov 20, 2024
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0...
High
Unreviewed
CVE-2024-51208
was published
Nov 20, 2024
The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for...
High
Unreviewed
CVE-2024-9849
was published
Nov 16, 2024
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect...
High
Unreviewed
CVE-2024-5125
was published
Nov 14, 2024
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote...
High
Unreviewed
CVE-2024-11017
was published
Nov 11, 2024
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute...
High
Unreviewed
CVE-2024-51152
was published
Nov 8, 2024
*Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS...
High
Unreviewed
CVE-2024-48734
was published
Oct 30, 2024
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to...
High
Unreviewed
CVE-2024-48093
was published
Oct 30, 2024
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized...
High
Unreviewed
CVE-2024-48646
was published
Oct 30, 2024
ProTip!
Advisories are also available from the
GraphQL API