Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111 advisories

Loading
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
Infinite loop in .Net Bond High
CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Arbitrary command execution in Minidoc High
CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) May 27, 2022
JFinal file validation vulnerability High
CVE-2019-17352 was published for com.jfinal:jfinal (Maven) May 25, 2022
Arbitrary file upload in ShopXO High
CVE-2021-41938 was published for shopxo/shopxo (Composer) May 20, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ka1n4t
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager High
CVE-2019-16530 was published for org.sonatype.nexus:nexus-repository (Maven) May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Unrestricted Attachment Upload High
CVE-2022-2111 was published for inventree (pip) Jun 17, 2022
saharshtapi
Unrestricted Upload of File with Dangerous Type in Elefant CMS High
CVE-2017-20063 was published for elefant/cms (Composer) Jun 21, 2022
Feehi CMS arbitrary code execution via crafted PHP file High
CVE-2022-34971 was published for feehi/cms (Composer) Jul 28, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
Arbitrary file upload in Fork CMS High
CVE-2021-28931 was published for forkcms/forkcms (Composer) Sep 8, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-3915 was published for ssddanbrown/bookstack (Composer) Nov 15, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
Microweber vulnerable to unrestricted malicious uploads High
CVE-2022-4732 was published for microweber/microweber (Composer) Dec 27, 2022
Thinkphp has a code logic error High
CVE-2022-44289 was published for topthink/framework (Composer) Dec 6, 2022
Arbitrary file write in net.mingsoft:ms-mcms High
CVE-2022-47042 was published for net.mingsoft:ms-mcms (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API