GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,470 advisories
Filter by severity
Rubyzip gem contains a Directory Traversal vulnerability in zip file component
Critical
CVE-2018-1000544
was published
for
rubyzip
(RubyGems)
Sep 6, 2018
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
High
CVE-2017-12615
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical
CVE-2018-9206
was published
for
blueimp-file-upload
(npm)
Oct 22, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
Critical
CVE-2018-18830
was published
for
net.mingsoft:ms-mcms
(Maven)
Nov 1, 2018
Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Critical
CVE-2018-9207
was published
for
jquery-file-upload
(npm)
Dec 19, 2018
Unrestricted file uploads in Contao
High
CVE-2019-19745
was published
for
contao/contao
(Composer)
Dec 17, 2019
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
Unrestricted upload of file with dangerous type in Apache Solr
Critical
CVE-2019-12409
was published
for
org.apache.solr:solr-core
(Maven)
Jan 28, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Circumvention of file size limits in ActiveStorage
High
CVE-2020-8162
was published
for
activestorage
(RubyGems)
May 26, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21344
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21346
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21347
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21350
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21351
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Script injection
Moderate
CVE-2021-32661
was published
for
@backstage/plugin-techdocs
(npm)
Jun 4, 2021
Script injection
Moderate
CVE-2021-32660
was published
for
@backstage/techdocs-common
(npm)
Jun 4, 2021
elFinder unsafe upload filtering leading to remote code execution
High
CVE-2021-23394
was published
for
studio-42/elfinder
(Composer)
Jun 15, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
Moderate
CVE-2020-9472
was published
for
UmbracoCms
(NuGet)
Aug 2, 2021
ProTip!
Advisories are also available from the
GraphQL API