GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,015
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
74 advisories
Filter by severity
Livewire Remote Code Execution on File Uploads
High
CVE-2024-47823
was published
for
livewire/livewire
(Composer)
Oct 8, 2024
Contao affected by remote command execution through file upload
High
CVE-2024-45398
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Automad arbitrary file upload vulnerability
High
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
Dolibarr arbitrary file upload vulnerability
High
CVE-2024-37821
was published
for
dolibarr/dolibarr
(Composer)
Jun 18, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
High
CVE-2024-36811
was published
for
aimeos/aimeos-core
(Composer)
Jun 7, 2024
•
withdrawn
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-8h4m-r4wm-xj7r
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-f9hr-7cfq-mjg2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/framework allows upload of dangerous file types
High
GHSA-vcg6-8fxc-x5cq
was published
for
silverstripe/framework
(Composer)
May 27, 2024
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
High
CVE-2024-28105
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
October CMS Cross-site Scripting vulnerability
High
CVE-2023-25365
was published
for
october/october
(Composer)
Feb 9, 2024
ThinkAdmin arbitrary file upload vulnerability
High
CVE-2023-48966
was published
for
zoujingli/thinkadmin
(Composer)
Dec 4, 2023
Microweber file upload vulnerability
High
CVE-2023-49052
was published
for
microweber/microweber
(Composer)
Nov 30, 2023
Statamic CMS vulnerable to remote code execution via form uploads
High
CVE-2023-48217
was published
for
statamic/cms
(Composer)
Nov 14, 2023
Guest Entries Remote code execution via file uploads
High
CVE-2023-47621
was published
for
doublethreedigital/guest-entries
(Composer)
Nov 14, 2023
Statamic CMS remote code execution via front-end form uploads
High
CVE-2023-47129
was published
for
statamic/cms
(Composer)
Nov 12, 2023
Economizzer remote code execution vulnerability
High
CVE-2023-38874
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
File Upload vulnerability in Dolibarr ERP CRM
High
CVE-2023-38887
was published
for
dolibarr/dolibarr
(Composer)
Sep 20, 2023
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability
High
CVE-2023-1970
was published
for
yuan1994/tpadmin
(Composer)
Apr 10, 2023
Uvdesk remote code execution vulnerability
High
CVE-2023-0265
was published
for
uvdesk/community-skeleton
(Composer)
Apr 5, 2023
cockpit-hq/cockpit is vulnerable to unrestricted file uploads
High
CVE-2023-1313
was published
for
cockpit-hq/cockpit
(Composer)
Mar 10, 2023
laravel-admin has Arbitrary File Upload vulnerability
High
CVE-2023-24249
was published
for
encore/laravel-admin
(Composer)
Feb 27, 2023
DataFlow upload remote code execution vulnerability
High
CVE-2021-41231
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Microweber vulnerable to unrestricted malicious uploads
High
CVE-2022-4732
was published
for
microweber/microweber
(Composer)
Dec 27, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution
High
CVE-2022-46157
was published
for
akeneo/pim-community-dev
(Composer)
Dec 9, 2022
Thinkphp has a code logic error
High
CVE-2022-44289
was published
for
topthink/framework
(Composer)
Dec 6, 2022
ProTip!
Advisories are also available from the
GraphQL API