GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,719
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
django Filer Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2024-11404
was published
for
django-filer
(pip)
Nov 20, 2024
FeehiCMS User[avatar] unrestricted upload
Moderate
CVE-2024-8296
was published
for
feehi/cms
(Composer)
Aug 29, 2024
FeehiCMS BannerForm[img] unrestricted upload
Moderate
CVE-2024-8295
was published
for
feehi/cms
(Composer)
Aug 29, 2024
FeehiCMS file upload vulnerability
Moderate
CVE-2024-8294
was published
for
feehi/cms
(Composer)
Aug 29, 2024
Drupal Malicious file upload with filenames stating with dot
Moderate
GHSA-58xv-7h9r-mx3c
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal core unrestricted file upload
Moderate
GHSA-7gwj-7fhm-vw4w
was published
for
drupal/core
(Composer)
May 15, 2024
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
PsiTransfer: File integrity violation
Moderate
CVE-2024-31454
was published
for
psitransfer
(npm)
Apr 5, 2024
PsiTransfer: Violation of the integrity of file distribution
Moderate
CVE-2024-31453
was published
for
psitransfer
(npm)
Apr 5, 2024
VvvebJs Arbitrary File Upload vulnerability
Moderate
CVE-2024-29272
was published
for
vvvebJs
(npm)
Mar 22, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Moderate
GHSA-9j39-4686-m3c4
was published
for
ibexa/core
(Composer)
Mar 20, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Moderate
GHSA-mwvh-p3hx-x4gg
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 20, 2024
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Moderate
CVE-2023-50386
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
class.upload.php allows cross-site scripting attacks via uploaded files
Moderate
CVE-2023-6551
was published
for
verot/class.upload.php
(Composer)
Jan 4, 2024
Withdrawn Advisory: Unrestricted File Upload affecting automad
Moderate
CVE-2023-7036
was published
for
automad/automad
(Composer)
Dec 21, 2023
•
withdrawn
ConcreteCMS vulnerable to Stored Cross-site Scripting
Moderate
CVE-2023-44763
was published
for
concrete5/concrete5
(Composer)
Oct 10, 2023
phpMyFAQ allows unrestricted file types in image field
Moderate
CVE-2023-5227
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
Gradio arbitrary file upload vulnerability
Moderate
CVE-2023-41626
was published
for
gradio
(pip)
Sep 16, 2023
Cockpit CMS arbitrary file upload vulnerability
Moderate
CVE-2023-41564
was published
for
cockpit-hq/cockpit
(Composer)
Sep 9, 2023
Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2023-3692
was published
for
admidio/admidio
(Composer)
Jul 16, 2023
jeecg-boot unrestricted file upload vulnerability
Moderate
CVE-2023-34660
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Jun 16, 2023
Phishing attack vulnerability by uploading malicious HTML file
Moderate
CVE-2023-32689
was published
for
parse-server
(npm)
May 31, 2023
kiwitcms vulnerable to stored XSS via unrestricted files upload
Moderate
CVE-2023-32686
was published
for
kiwitcms
(pip)
May 22, 2023
Pimcore contains Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2023-23937
was published
for
pimcore/pimcore
(Composer)
Feb 2, 2023
ProTip!
Advisories are also available from the
GraphQL API