Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

65 advisories

Loading
Dataease v1.11.1 SQL Injection via parameter dataSourceId Critical
CVE-2022-34115 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Octobot mishandles Tentacles upload Critical
CVE-2021-36711 was published for OctoBot (pip) Jul 17, 2022
Unrestricted Upload of File with Dangerous Type in MCMS Critical
CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Jeecg-Boot CMS arbitrary file upload vulnerability Critical
CVE-2020-28088 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) May 24, 2022
ShopXO RCE Vulnerability Critical
CVE-2021-27817 was published for shopxo/shopxo (Composer) May 24, 2022
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
slub_events for Typo3 Arbitrary File Upload Critical
CVE-2019-16700 was published for slub/slub-events (Composer) May 24, 2022
Publify vulnerable to cross site scripting Critical
CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022
Formidable arbitrary file upload Critical
CVE-2022-29622 was published for formidable (npm) May 17, 2022 withdrawn
Withdrawn: Code execution via SVG file upload in tiddlywiki Critical
CVE-2022-29351 was published for tiddlywiki (npm) May 17, 2022 withdrawn
Elefant CMS Code Execution Vulnerability Critical
CVE-2018-16974 was published for elefant/cms (Composer) May 14, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability Critical
CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer) May 14, 2022
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk
Unrestricted Upload of File with Dangerous Type in Strapi Critical
CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS Critical
CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-27139 was published for ghost (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload Critical
CVE-2022-27952 was published for payload (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-28397 was published for ghost (npm) Apr 13, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61 Critical
CVE-2022-27115 was published for studio-42/elfinder (Composer) Apr 12, 2022
elFinder Unrestricted File Upload vulnerability Critical
CVE-2021-43421 was published for studio-42/elfinder (Composer) Apr 8, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database