GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,069 advisories
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
High. CVE-2017-12615 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 17, 2018

Unrestricted file uploads in Contao
High. CVE-2019-19745 was published for contao/contao (Composer), Dec 17, 2019

Circumvention of file size limits in ActiveStorage
High. CVE-2020-8162 was published for activestorage (RubyGems), May 26, 2020

Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High. CVE-2020-15277 was published for baserproject/basercms (Composer), Oct 30, 2020

Unrestricted File Upload in Form Framework
High. CVE-2021-21355 was published for typo3/cms (Composer), Mar 23, 2021

Broken Access Control in Form Framework
High. CVE-2021-21357 was published for typo3/cms (Composer), Mar 23, 2021

elFinder unsafe upload filtering leading to remote code execution
High. CVE-2021-23394 was published for studio-42/elfinder (Composer), Jun 15, 2021

Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High. CVE-2021-34551 was published for phpmailer/phpmailer (Composer), Jun 22, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
High. CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
High. CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

XStream is vulnerable to an Arbitrary Code Execution attack
High. CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

Arbitrary file upload in Fork CMS
High. CVE-2021-28931 was published for forkcms/forkcms (Composer), Sep 8, 2021

Arbitrary Code Execution in feehi/cms
High. CVE-2020-21322 was published for feehi/cms (Composer), Sep 20, 2021

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
High. CVE-2021-40324 was published for cobbler (pip), Oct 5, 2021

Drupal core Unrestricted Upload of File with Dangerous Type
High. CVE-2020-13671 was published for drupal/core (Composer), Oct 12, 2021

Unrestricted Uploads in Concrete5
High. CVE-2020-11476 was published for concrete5/concrete5 (Composer), Nov 3, 2021

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
High. CVE-2021-3915 was published for ssddanbrown/bookstack (Composer), Nov 15, 2021

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could...
High. Unreviewed. CVE-2021-44094 was published Nov 29, 2021

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s...
High. Unreviewed. CVE-2021-42123 was published Dec 1, 2021

An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute...
High. Unreviewed. CVE-2020-29176 was published Dec 4, 2021

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High. Unreviewed. CVE-2021-42125 was published Dec 8, 2021

A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report...
High. Unreviewed. CVE-2021-21957 was published Dec 9, 2021

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The...
High. Unreviewed. CVE-2021-36719 was published Dec 9, 2021

ProTip! Advisories are also available from the GraphQL API.