GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Critical
CVE-2021-42171
was published
for
tribalsystems/zenario
(Composer)
Mar 15, 2022
elFinder Unrestricted File Upload vulnerability
Critical
CVE-2021-43421
was published
for
studio-42/elfinder
(Composer)
Apr 8, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61
Critical
CVE-2022-27115
was published
for
studio-42/elfinder
(Composer)
Apr 12, 2022
October CMS File Upload Vulnerability
Critical
CVE-2017-1000194
was published
for
october/october
(Composer)
May 13, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
Critical
CVE-2018-9209
was published
for
fineuploader/php-traditional-server
(Composer)
May 14, 2022
Elefant CMS Code Execution Vulnerability
Critical
CVE-2018-16974
was published
for
elefant/cms
(Composer)
May 14, 2022
slub_events for Typo3 Arbitrary File Upload
Critical
CVE-2019-16700
was published
for
slub/slub-events
(Composer)
May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload
Critical
CVE-2020-24407
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento vulnerable to a file upload restriction bypass
Critical
CVE-2021-21014
was published
for
magento/community-edition
(Composer)
May 24, 2022
ShopXO RCE Vulnerability
Critical
CVE-2021-27817
was published
for
shopxo/shopxo
(Composer)
May 24, 2022
FeehiCMS has an arbitrary file upload vulnerability
Critical
CVE-2020-21516
was published
for
feehi/cms
(Composer)
Sep 7, 2022
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2022-38916
was published
for
pagekit/pagekit
(Composer)
Sep 21, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload
Critical
CVE-2022-41711
was published
for
badaso/core
(Composer)
Oct 26, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical
CVE-2022-3771
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2021-26642
was published
for
xpressengine/xpressengine
(Composer)
Jan 20, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Critical
CVE-2023-25654
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
baserCMS allows any file to be uploaded
Critical
CVE-2023-25655
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Critical
CVE-2023-2034
was published
for
froxlor/froxlor
(Composer)
Apr 14, 2023
ProTip!
Advisories are also available from the
GraphQL API