GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

240 advisories

Cockpit CMS contains an arbitrary file upload vulnerability Critical
CVE-2024-4825 was published for cockpit-hq/cockpit (Composer) May 14, 2024
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
pyLoad allows upload to arbitrary folder lead to RCE Critical
CVE-2024-32880 was published for pyload-ng (pip) Apr 24, 2024
zhcy2018
PsiTransfer: File integrity violation Moderate
CVE-2024-31454 was published for psitransfer (npm) Apr 5, 2024
onelovegg1
PsiTransfer: Violation of the integrity of file distribution Moderate
CVE-2024-31453 was published for psitransfer (npm) Apr 5, 2024
onelovegg1
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE High
CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
VvvebJs Arbitrary File Upload vulnerability Moderate
CVE-2024-29272 was published for vvvebJs (npm) Mar 22, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-9j39-4686-m3c4 was published for ibexa/core (Composer) Mar 20, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-mwvh-p3hx-x4gg was published for ezsystems/ezplatform-kernel (Composer) Mar 20, 2024
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
Remote Code Execution by uploading a phar file using frontmatter Critical
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2024-22393 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets Moderate
CVE-2023-50386 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
mingSoft MCMS File Upload vulnerability High
CVE-2024-22567 was published for net.mingsoft:ms-mcms (Maven) Feb 5, 2024
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Withdrawn Advisory: Unrestricted File Upload affecting automad Moderate
CVE-2023-7036 was published for automad/automad (Composer) Dec 21, 2023 withdrawn
marcantondahmen
MLflow Path Traversal Vulnerability High
CVE-2023-6976 was published for mlflow (pip) Dec 20, 2023
ThinkAdmin arbitrary file upload vulnerability High
CVE-2023-48966 was published for zoujingli/thinkadmin (Composer) Dec 4, 2023
Microweber file upload vulnerability High
CVE-2023-49052 was published for microweber/microweber (Composer) Nov 30, 2023
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Guest Entries Remote code execution via file uploads High
CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023
Statamic CMS remote code execution via front-end form uploads High
CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023
Cyber-Wo0dy
ConcreteCMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-44763 was published for concrete5/concrete5 (Composer) Oct 10, 2023