GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,503 advisories
Filter by severity
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
Unrestricted upload of file with dangerous type in Apache Solr
Critical
CVE-2019-12409
was published
for
org.apache.solr:solr-core
(Maven)
Jan 28, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical
CVE-2018-9206
was published
for
blueimp-file-upload
(npm)
Oct 22, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
Critical
CVE-2018-18830
was published
for
net.mingsoft:ms-mcms
(Maven)
Nov 1, 2018
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Critical
CVE-2018-9207
was published
for
jquery-file-upload
(npm)
Dec 19, 2018
Infinite loop in .Net Bond
High
CVE-2020-1469
was published
for
Bond.Core.CSharp
(NuGet)
Apr 8, 2022
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2020-15645
was published
May 24, 2022
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and...
High
Unreviewed
CVE-2022-42287
was published
Jan 13, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal...
High
Unreviewed
CVE-2019-13359
was published
May 24, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical
Unreviewed
CVE-2022-24651
was published
Mar 11, 2022
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ...
High
Unreviewed
CVE-2021-43970
was published
Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical
Unreviewed
CVE-2022-24652
was published
Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in Microweber
Moderate
CVE-2022-0921
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber
Moderate
CVE-2022-0912
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate
CVE-2022-24749
was published
for
Sylius/Sylius
(Composer)
Mar 14, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to...
Critical
Unreviewed
CVE-2022-25495
was published
Mar 16, 2022
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0951
was published
for
showdoc/showdoc
(Composer)
Mar 16, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Critical
CVE-2021-42171
was published
for
tribalsystems/zenario
(Composer)
Mar 15, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin...
Critical
Unreviewed
CVE-2022-25487
was published
Mar 16, 2022
Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0950
was published
for
showdoc/showdoc
(Composer)
Mar 16, 2022
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows...
Critical
Unreviewed
CVE-2021-45040
was published
Mar 18, 2022
ProTip!
Advisories are also available from the
GraphQL API