GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

240 advisories

Drupal Settings Tray access bypass Moderate
CVE-2017-6931 was published for drupal/core (Composer) May 13, 2022
express-cart unrestricted file upload vulnerability High
CVE-2018-3758 was published for express-cart (npm) May 13, 2022
October CMS PHP Code Execution High
CVE-2017-1000119 was published for october/cms (Composer) May 13, 2022
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk
Craft CMS PHP Code Injection Vulnerability High
CVE-2018-3814 was published for craftcms/cms (Composer) May 13, 2022
RCE in baserCMS before 4.1.4 High
CVE-2018-18942 was published for baserproject/basercms (Composer) May 13, 2022
Bolt Unrestricted Upload of File with Dangerous Type High
CVE-2019-9185 was published for bolt/bolt (Composer) May 13, 2022
Subrion CMS RCE Vulnerability High
CVE-2018-19422 was published for intelliants/subrion (Composer) May 13, 2022
Unrestricted Upload of File with Dangerous Type in yetiforce-crm Moderate
CVE-2022-1411 was published for yetiforce/yetiforce-crm (Composer) May 6, 2022
TYPO3 Unrestricted File Upload vulnerability Moderate
CVE-2008-2717 was published for typo3/cms-core (Composer) May 1, 2022
Unrestricted Upload of File with Dangerous Type in Apache Struts2 High
CVE-2012-1592 was published for org.apache.struts:struts2-core (Maven) Apr 23, 2022
TYPO3 Arbitrary Code Execution vulnerability on the backend High
CVE-2010-3663 was published for typo3/cms-backend (Composer) Apr 21, 2022
Unrestricted Upload of File with Dangerous Type in Strapi Critical
CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-27139 was published for ghost (npm) Apr 13, 2022
Express-FileUpload Arbitrary File Overwrite High
CVE-2022-27261 was published for express-fileupload (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS Critical
CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload Critical
CVE-2022-27952 was published for payload (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-28397 was published for ghost (npm) Apr 13, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61 Critical
CVE-2022-27115 was published for studio-42/elfinder (Composer) Apr 12, 2022
Infinite loop in .Net Bond High
CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022
elFinder Unrestricted File Upload vulnerability Critical
CVE-2021-43421 was published for studio-42/elfinder (Composer) Apr 8, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
pgAdmin 4 Path Traversal vulnerability Moderate
CVE-2022-0959 was published for pgadmin4 (pip) Mar 17, 2022