Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Loading
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Pygments vulnerable to ReDoS Moderate
CVE-2022-40896 was published for Pygments (pip) Jul 19, 2023
MoinMoin Multiple unrestricted file upload vulnerabilities Moderate
CVE-2012-6081 was published for moin (pip) May 17, 2022
FeehiCMS User[avatar] unrestricted upload Moderate
CVE-2024-8296 was published for feehi/cms (Composer) Aug 29, 2024
FeehiCMS BannerForm[img] unrestricted upload Moderate
CVE-2024-8295 was published for feehi/cms (Composer) Aug 29, 2024
FeehiCMS file upload vulnerability Moderate
CVE-2024-8294 was published for feehi/cms (Composer) Aug 29, 2024
Withdrawn Advisory: Unrestricted File Upload affecting automad Moderate
CVE-2023-7036 was published for automad/automad (Composer) Dec 21, 2023 withdrawn
marcantondahmen
VvvebJs Arbitrary File Upload vulnerability Moderate
CVE-2024-29272 was published for vvvebJs (npm) Mar 22, 2024
Drupal Malicious file upload with filenames stating with dot Moderate
GHSA-58xv-7h9r-mx3c was published for drupal/drupal (Composer) May 15, 2024
Drupal core unrestricted file upload Moderate
GHSA-7gwj-7fhm-vw4w was published for drupal/core (Composer) May 15, 2024
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Drupal Settings Tray access bypass Moderate
CVE-2017-6931 was published for drupal/core (Composer) May 13, 2022
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager Moderate
CVE-2021-23814 was published for unisharp/laravel-filemanager (Composer) Jan 6, 2022
streamtw
PsiTransfer: File integrity violation Moderate
CVE-2024-31454 was published for psitransfer (npm) Apr 5, 2024
onelovegg1
PsiTransfer: Violation of the integrity of file distribution Moderate
CVE-2024-31453 was published for psitransfer (npm) Apr 5, 2024
onelovegg1
Strapi 4.1.12 Cross-site Scripting via crafted file Moderate
CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-9j39-4686-m3c4 was published for ibexa/core (Composer) Mar 20, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-mwvh-p3hx-x4gg was published for ezsystems/ezplatform-kernel (Composer) Mar 20, 2024
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets Moderate
CVE-2023-50386 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
TYPO3 Unrestricted File Upload vulnerability Moderate
CVE-2008-2717 was published for typo3/cms-core (Composer) May 1, 2022
Symfony Path Disclosure Moderate
CVE-2018-19789 was published for symfony/form (Composer) May 14, 2022
Magento Unrestricted file upload vulnerability Moderate
CVE-2019-8140 was published for magento/community-edition (Composer) May 24, 2022
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Gradio arbitrary file upload vulnerability Moderate
CVE-2023-41626 was published for gradio (pip) Sep 16, 2023
ConcreteCMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-44763 was published for concrete5/concrete5 (Composer) Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API