Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

139 advisories

Loading
Unrestricted file uploads in Contao High
CVE-2019-19745 was published for contao/contao (Composer) Dec 17, 2019
Remote code execution in verot/class.upload.php Critical
CVE-2019-19576 was published for verot/class.upload.php (Composer) Jan 16, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
Arbitrary file upload in Fork CMS High
CVE-2021-28931 was published for forkcms/forkcms (Composer) Sep 8, 2021
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-3915 was published for ssddanbrown/bookstack (Composer) Nov 15, 2021
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content. Moderate
CVE-2021-43617 was published for laravel/framework (Composer) Nov 16, 2021 withdrawn
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager Moderate
CVE-2021-23814 was published for unisharp/laravel-filemanager (Composer) Jan 6, 2022
streamtw
Unrestricted Upload of File with Dangerous Type in pimcore High
CVE-2022-0263 was published for pimcore/pimcore (Composer) Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in Crater High
CVE-2022-0242 was published for bytefury/crater (Composer) Jan 21, 2022
crater is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-4080 was published for bytefury/crater (Composer) Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom Moderate
CVE-2022-0472 was published for jsdecena/laracom (Composer) Feb 6, 2022
Unrestricted Uploads in Concrete5 Moderate
CVE-2020-14961 was published for concrete5/concrete5 (Composer) Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Unrestricted Upload of File with Dangerous Type in showdoc High
CVE-2022-0409 was published for showdoc/showdoc (Composer) Feb 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database