GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,487 advisories
Filter by severity
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy
Critical
CVE-2020-18704
was published
for
django-widgy
(pip)
Aug 30, 2021
Arbitrary file upload in Fork CMS
High
CVE-2021-28931
was published
for
forkcms/forkcms
(Composer)
Sep 8, 2021
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Arbitrary Code Execution in feehi/cms
High
CVE-2020-21322
was published
for
feehi/cms
(Composer)
Sep 20, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
High
CVE-2021-40324
was published
for
cobbler
(pip)
Oct 5, 2021
Drupal core Unrestricted Upload of File with Dangerous Type
High
CVE-2020-13671
was published
for
drupal/core
(Composer)
Oct 12, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-3915
was published
for
ssddanbrown/bookstack
(Composer)
Nov 15, 2021
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Moderate
CVE-2021-43617
was published
for
laravel/framework
(Composer)
Nov 16, 2021
•
withdrawn
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could...
High
Unreviewed
CVE-2021-44094
was published
Nov 29, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
Critical
Unreviewed
CVE-2021-42099
was published
Dec 1, 2021
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s...
High
Unreviewed
CVE-2021-42123
was published
Dec 1, 2021
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute...
High
Unreviewed
CVE-2020-29176
was published
Dec 4, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI...
Critical
Unreviewed
CVE-2021-43936
was published
Dec 7, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High
Unreviewed
CVE-2021-42125
was published
Dec 8, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report...
High
Unreviewed
CVE-2021-21957
was published
Dec 9, 2021
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The...
High
Unreviewed
CVE-2021-36719
was published
Dec 9, 2021
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior...
High
Unreviewed
CVE-2021-27860
was published
Dec 9, 2021
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading...
High
Unreviewed
CVE-2021-27984
was published
Dec 11, 2021
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution...
Critical
Unreviewed
CVE-2021-43117
was published
Dec 14, 2021
ProTip!
Advisories are also available from the
GraphQL API