GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
74 advisories
Automad arbitrary file upload vulnerability
High: CVE-2024-40400 was published for automad/automad (Composer), Jul 19, 2024
Livewire Remote Code Execution on File Uploads
High: CVE-2024-47823 was published for livewire/livewire (Composer), Oct 8, 2024
Contao affected by remote command execution through file upload
High: CVE-2024-45398 was published for contao/core-bundle (Composer), Sep 17, 2024
Dolibarr arbitrary file upload vulnerability
High: CVE-2024-37821 was published for dolibarr/dolibarr (Composer), Jun 18, 2024
Drupal core Unrestricted Upload of File with Dangerous Type
High: CVE-2020-13671 was published for drupal/core (Composer), Oct 12, 2021
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
High: CVE-2024-36811 was published for aimeos/aimeos-core (Composer), Jun 7, 2024 • withdrawn
TYPO3 Arbitrary Code Execution via File List Module
High: GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module
High: GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer), May 30, 2024
silverstripe/framework allows upload of dangerous file types
High: GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer), May 27, 2024
Magento Information Disclosure via File upload functionality
High: CVE-2019-8093 was published for magento/community-edition (Composer), May 24, 2022
Magento Filter extension bypass via crafted store configuration keys
High: CVE-2019-7912 was published for magento/community-edition (Composer), May 24, 2022
Unrestricted file uploads in Contao
High: CVE-2019-19745 was published for contao/contao (Composer), Dec 17, 2019
Craft CMS PHP Code Injection Vulnerability
High: CVE-2018-3814 was published for craftcms/cms (Composer), May 13, 2022
TYPO3 Arbitrary Code Execution
High: CVE-2017-14251 was published for typo3/cms (Composer), May 17, 2022
SilverStripe Folders migrated from 3.x may be unsafe to upload to
High: CVE-2020-9280 was published for silverstripe/assets (Composer), May 24, 2022
jQuery File Upload Plugin Unrestricted file upload vulnerability
High: CVE-2014-8739 was published for blueimp/jquery-file-upload (Composer), May 17, 2022
TeamPass arbitrary file upload vulnerability
High: CVE-2017-15054 was published for nilsteampassnet/teampass (Composer), May 17, 2022
Dolibarr Unrestricted Upload of File with Dangerous Type
High: CVE-2020-14209 was published for dolibarr/dolibarr (Composer), May 24, 2022
Pimcore Unrestricted Upload of File with Dangerous Type
High: CVE-2019-16318 was published for pimcore/pimcore (Composer), May 24, 2022
Moodle Unrestricted file upload vulnerability
High: CVE-2016-9187 was published for moodle/moodle (Composer), May 17, 2022
Bolt Unrestricted Upload of File with Dangerous Type
High: CVE-2019-9185 was published for bolt/bolt (Composer), May 13, 2022
FrozenNode Laravel-Administrator unrestricted file upload
High: CVE-2020-10963 was published for frozennode/administrator (Composer), May 24, 2022
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
High: CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer), Mar 25, 2024
October CMS Cross-site Scripting vulnerability
High: CVE-2023-25365 was published for october/october (Composer), Feb 9, 2024
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability
High: CVE-2023-1970 was published for yuan1994/tpadmin (Composer), Apr 10, 2023
ProTip! Advisories are also available from the GraphQL API.