GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111 advisories

alist Incorrect Access Control vulnerability High
CVE-2023-33498 was published for github.com/alist-org/alist/v3 (Go) Jun 7, 2023
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
MCMS vulnerable to arbitrary code execution via crafted thumbnail High
CVE-2020-22755 was published for net.mingsoft:ms-mcms (Maven) May 8, 2023
Unrestricted file upload in kiwi TCMS High
CVE-2023-30613 was published for kiwitcms (pip) Apr 24, 2023
mosaa404
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2023-1970 was published for yuan1994/tpadmin (Composer) Apr 10, 2023
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
cockpit-hq/cockpit is vulnerable to unrestricted file uploads High
CVE-2023-1313 was published for cockpit-hq/cockpit (Composer) Mar 10, 2023
laravel-admin has Arbitrary File Upload vulnerability High
CVE-2023-24249 was published for encore/laravel-admin (Composer) Feb 27, 2023
DataFlow upload remote code execution vulnerability High
CVE-2021-41231 was published for openmage/magento-lts (Composer) Jan 27, 2023
Arbitrary file write in net.mingsoft:ms-mcms High
CVE-2022-47042 was published for net.mingsoft:ms-mcms (Maven) Jan 26, 2023
act vulnerable to arbitrary file upload in artifact server High
CVE-2023-22726 was published for github.com/nektos/act (Go) Jan 20, 2023
Microweber vulnerable to unrestricted malicious uploads High
CVE-2022-4732 was published for microweber/microweber (Composer) Dec 27, 2022
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
Thinkphp has a code logic error High
CVE-2022-44289 was published for topthink/framework (Composer) Dec 6, 2022
Backdrop CMS Unrestricted File Upload vulnerability High
CVE-2022-42092 was published for backdrop/backdrop (Composer) Oct 7, 2022
Drupal core arbitrary PHP code execution High
CVE-2022-25277 was published for drupal/core (Composer) Aug 6, 2022
Feehi CMS arbitrary code execution via crafted PHP file High
CVE-2022-34971 was published for feehi/cms (Composer) Jul 28, 2022
Unrestricted Upload of File with Dangerous Type in Elefant CMS High
CVE-2017-20063 was published for elefant/cms (Composer) Jun 21, 2022
Unrestricted Attachment Upload High
CVE-2022-2111 was published for inventree (pip) Jun 17, 2022
saharshtapi
Arbitrary command execution in Minidoc High
CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) May 27, 2022
JFinal file validation vulnerability High
CVE-2019-17352 was published for com.jfinal:jfinal (Maven) May 25, 2022
Unrestricted File Upload vulnerability in Firefly III High
CVE-2021-3846 was published for grumpydictator/firefly-iii (Composer) May 24, 2022
Feehi CMS arbitrary file upload vulnerability High
CVE-2020-22643 was published for feehi/cms (Composer) May 24, 2022
Dolibarr Unrestricted Upload of File with Dangerous Type High
CVE-2020-14209 was published for dolibarr/dolibarr (Composer) May 24, 2022