GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Moderate
CVE-2021-43617
was published
for
laravel/framework
(Composer)
Nov 16, 2021
•
withdrawn
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Moderate
CVE-2021-23814
was published
for
unisharp/laravel-filemanager
(Composer)
Jan 6, 2022
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Moderate
CVE-2022-0472
was published
for
jsdecena/laracom
(Composer)
Feb 6, 2022
Unrestricted Uploads in Concrete5
Moderate
CVE-2020-14961
was published
for
concrete5/concrete5
(Composer)
Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in Microweber
Moderate
CVE-2022-0921
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber
Moderate
CVE-2022-0912
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate
CVE-2022-24749
was published
for
Sylius/Sylius
(Composer)
Mar 14, 2022
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0951
was published
for
showdoc/showdoc
(Composer)
Mar 16, 2022
Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0950
was published
for
showdoc/showdoc
(Composer)
Mar 16, 2022
TYPO3 Unrestricted File Upload vulnerability
Moderate
CVE-2008-2717
was published
for
typo3/cms-core
(Composer)
May 1, 2022
Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Moderate
CVE-2022-1411
was published
for
yetiforce/yetiforce-crm
(Composer)
May 6, 2022
Drupal Settings Tray access bypass
Moderate
CVE-2017-6931
was published
for
drupal/core
(Composer)
May 13, 2022
Symfony Path Disclosure
Moderate
CVE-2018-19789
was published
for
symfony/form
(Composer)
May 14, 2022
baserCMS arbitrary file upload vulnerability
Moderate
CVE-2018-0571
was published
for
baserproject/basercms
(Composer)
May 14, 2022
Magento Unrestricted file upload vulnerability
Moderate
CVE-2019-8140
was published
for
magento/community-edition
(Composer)
May 24, 2022
FeehiCMS Unrestricted Upload vulnerability
Moderate
CVE-2021-36573
was published
for
feehi/feehicms
(Composer)
Dec 15, 2022
Pimcore contains Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2023-23937
was published
for
pimcore/pimcore
(Composer)
Feb 2, 2023
Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2023-3692
was published
for
admidio/admidio
(Composer)
Jul 16, 2023
Cockpit CMS arbitrary file upload vulnerability
Moderate
CVE-2023-41564
was published
for
cockpit-hq/cockpit
(Composer)
Sep 9, 2023
phpMyFAQ allows unrestricted file types in image field
Moderate
CVE-2023-5227
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
ConcreteCMS vulnerable to Stored Cross-site Scripting
Moderate
CVE-2023-44763
was published
for
concrete5/concrete5
(Composer)
Oct 10, 2023
Withdrawn Advisory: Unrestricted File Upload affecting automad
Moderate
CVE-2023-7036
was published
for
automad/automad
(Composer)
Dec 21, 2023
•
withdrawn
class.upload.php allows cross-site scripting attacks via uploaded files
Moderate
CVE-2023-6551
was published
for
verot/class.upload.php
(Composer)
Jan 4, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Moderate
GHSA-mwvh-p3hx-x4gg
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API