GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
455 advisories
Filter by severity
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21344
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21346
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21347
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21350
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21351
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Script injection
Moderate
CVE-2021-32661
was published
for
@backstage/plugin-techdocs
(npm)
Jun 4, 2021
Script injection
Moderate
CVE-2021-32660
was published
for
@backstage/techdocs-common
(npm)
Jun 4, 2021
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
Moderate
CVE-2020-9472
was published
for
UmbracoCms
(NuGet)
Aug 2, 2021
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Moderate
CVE-2021-43617
was published
for
laravel/framework
(Composer)
Nov 16, 2021
•
withdrawn
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Moderate
CVE-2021-23814
was published
for
unisharp/laravel-filemanager
(Composer)
Jan 6, 2022
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management...
Moderate
Unreviewed
CVE-2021-46078
was published
Jan 7, 2022
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before...
Moderate
Unreviewed
CVE-2022-23026
was published
Jan 26, 2022
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Moderate
CVE-2022-0472
was published
for
jsdecena/laracom
(Composer)
Feb 6, 2022
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
Moderate
CVE-2020-15839
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 10, 2022
Unrestricted Uploads in Concrete5
Moderate
CVE-2020-14961
was published
for
concrete5/concrete5
(Composer)
Feb 10, 2022
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress...
Moderate
Unreviewed
CVE-2021-24960
was published
Mar 8, 2022
Unrestricted Upload of File with Dangerous Type in Microweber
Moderate
CVE-2022-0921
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber
Moderate
CVE-2022-0912
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate
CVE-2022-24749
was published
for
Sylius/Sylius
(Composer)
Mar 14, 2022
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0951
was published
for
showdoc/showdoc
(Composer)
Mar 16, 2022
Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0950
was published
for
showdoc/showdoc
(Composer)
Mar 16, 2022
pgAdmin 4 Path Traversal vulnerability
Moderate
CVE-2022-0959
was published
for
pgadmin4
(pip)
Mar 17, 2022
ProTip!
Advisories are also available from the
GraphQL API