GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Critical
CVE-2024-38529
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
Cockpit CMS contains an arbitrary file upload vulenrability
Critical
CVE-2024-4825
was published
for
cockpit-hq/cockpit
(Composer)
May 14, 2024
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
Critical
CVE-2018-9209
was published
for
fineuploader/php-traditional-server
(Composer)
May 14, 2022
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
Magento vulnerable to a file upload restriction bypass
Critical
CVE-2021-21014
was published
for
magento/community-edition
(Composer)
May 24, 2022
elFinder Unrestricted File Upload vulnerability
Critical
CVE-2021-43421
was published
for
studio-42/elfinder
(Composer)
Apr 8, 2022
fuadmin vulnerable to insecure file upload
Critical
CVE-2023-36097
was published
for
funadmin/funadmin
(Composer)
Jun 22, 2023
liufee CMS File Upload vulnerability
Critical
CVE-2020-21174
was published
for
feehi/cms
(Composer)
Jun 20, 2023
Liufee CMS File Upload vulnerability
Critical
CVE-2020-21489
was published
for
feehi/cms
(Composer)
Jun 20, 2023
October CMS File Upload Vulnerability
Critical
CVE-2017-1000194
was published
for
october/october
(Composer)
May 13, 2022
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Magento 2 Community Edition RCE via Unsafe File Upload
Critical
CVE-2020-24407
was published
for
magento/community-edition
(Composer)
May 24, 2022
slub_events for Typo3 Arbitrary File Upload
Critical
CVE-2019-16700
was published
for
slub/slub-events
(Composer)
May 24, 2022
Elefant CMS Code Execution Vulnerability
Critical
CVE-2018-16974
was published
for
elefant/cms
(Composer)
May 14, 2022
ShopXO RCE Vulnerability
Critical
CVE-2021-27817
was published
for
shopxo/shopxo
(Composer)
May 24, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61
Critical
CVE-2022-27115
was published
for
studio-42/elfinder
(Composer)
Apr 12, 2022
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Critical
CVE-2023-2034
was published
for
froxlor/froxlor
(Composer)
Apr 14, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Critical
CVE-2023-25654
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
baserCMS allows any file to be uploaded
Critical
CVE-2023-25655
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2021-26642
was published
for
xpressengine/xpressengine
(Composer)
Jan 20, 2023
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
FeehiCMS has an arbitrary file upload vulnerability
Critical
CVE-2020-21516
was published
for
feehi/cms
(Composer)
Sep 7, 2022
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2022-38916
was published
for
pagekit/pagekit
(Composer)
Sep 21, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical
CVE-2022-3771
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
ProTip!
Advisories are also available from the
GraphQL API