GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical
CVE-2018-9206
was published
for
blueimp-file-upload
(npm)
Oct 22, 2018
Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Critical
CVE-2018-9207
was published
for
jquery-file-upload
(npm)
Dec 19, 2018
Unrestricted Upload of File with Dangerous Type in Strapi
Critical
CVE-2022-27263
was published
for
strapi
(npm)
Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS
Critical
CVE-2022-27260
was published
for
buttercms
(npm)
Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload
Critical
CVE-2022-27952
was published
for
payload
(npm)
Apr 13, 2022
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
Script injection
Moderate
CVE-2021-32661
was published
for
@backstage/plugin-techdocs
(npm)
Jun 4, 2021
Script injection
Moderate
CVE-2021-32660
was published
for
@backstage/techdocs-common
(npm)
Jun 4, 2021
Express-FileUpload Arbitrary File Overwrite
High
CVE-2022-27261
was published
for
express-fileupload
(npm)
Apr 13, 2022
Phishing attack vulnerability by uploading malicious HTML file
Moderate
CVE-2023-32689
was published
for
parse-server
(npm)
May 31, 2023
Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate
CVE-2022-32114
was published
for
@strapi/strapi
(npm)
Jul 14, 2022
express-cart unrestricted file upload vulnerability
High
CVE-2018-3758
was published
for
express-cart
(npm)
May 13, 2022
PsiTransfer: Violation of the integrity of file distribution
Moderate
CVE-2024-31453
was published
for
psitransfer
(npm)
Apr 5, 2024
PsiTransfer: File integrity violation
Moderate
CVE-2024-31454
was published
for
psitransfer
(npm)
Apr 5, 2024
Formidable arbitrary file upload
Critical
CVE-2022-29622
was published
for
formidable
(npm)
May 17, 2022
•
withdrawn
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
Withdrawn: Code execution via SVG file upload in tiddlywiki
Critical
CVE-2022-29351
was published
for
tiddlywiki
(npm)
May 17, 2022
•
withdrawn
Jan path traversal vulnerability
Critical
CVE-2024-36858
was published
for
@janhq/core
(npm)
Jun 4, 2024
VvvebJs Arbitrary File Upload vulnerability
Moderate
CVE-2024-29272
was published
for
vvvebJs
(npm)
Mar 22, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
angular-base64-upload vulnerable to unauthenticated remote code execution
Critical
CVE-2024-42640
was published
for
angular-base64-upload
(npm)
Oct 11, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
ProTip!
Advisories are also available from the
GraphQL API