Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,719
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

111 advisories

Loading
Bolt Unrestricted Upload of File with Dangerous Type High
CVE-2019-9185 was published for bolt/bolt (Composer) May 13, 2022
Subrion CMS RCE Vulnerability High
CVE-2018-19422 was published for intelliants/subrion (Composer) May 13, 2022
Unrestricted Upload of File with Dangerous Type in Apache Struts2 High
CVE-2012-1592 was published for org.apache.struts:struts2-core (Maven) Apr 23, 2022
TYPO3 Arbitrary Code Execution vulnerability on the backend High
CVE-2010-3663 was published for typo3/cms-backend (Composer) Apr 21, 2022
Express-FileUpload Arbitrary File Overwrite High
CVE-2022-27261 was published for express-fileupload (npm) Apr 13, 2022
Infinite loop in .Net Bond High
CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
Unrestricted Upload of File with Dangerous Type in Croogo High
CVE-2021-44673 was published for croogo/croogo (Composer) Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in MODX Revolution High
CVE-2022-26149 was published for modx/revolution (Composer) Feb 27, 2022
File upload restriction bypass in Zenario CMS High
CVE-2022-23043 was published for tribalsystems/zenario (Composer) Feb 25, 2022
Unrestricted Upload of File with Dangerous Type in showdoc High
CVE-2022-0409 was published for showdoc/showdoc (Composer) Feb 20, 2022
Unrestricted Upload of File with Dangerous Type in motionEye High
CVE-2021-44255 was published for motioneye (pip) Feb 1, 2022
crater is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-4080 was published for bytefury/crater (Composer) Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in Crater High
CVE-2022-0242 was published for bytefury/crater (Composer) Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in pimcore High
CVE-2022-0263 was published for pimcore/pimcore (Composer) Jan 21, 2022
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-3915 was published for ssddanbrown/bookstack (Composer) Nov 15, 2021
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. High
CVE-2021-40324 was published for cobbler (pip) Oct 5, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
Arbitrary file upload in Fork CMS High
CVE-2021-28931 was published for forkcms/forkcms (Composer) Sep 8, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database