GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
74 advisories
Filter by severity
Unrestricted file uploads in Contao
High
CVE-2019-19745
was published
for
contao/contao
(Composer)
Dec 17, 2019
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
elFinder unsafe upload filtering leading to remote code execution
High
CVE-2021-23394
was published
for
studio-42/elfinder
(Composer)
Jun 15, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Arbitrary file upload in Fork CMS
High
CVE-2021-28931
was published
for
forkcms/forkcms
(Composer)
Sep 8, 2021
Arbitrary Code Execution in feehi/cms
High
CVE-2020-21322
was published
for
feehi/cms
(Composer)
Sep 20, 2021
Drupal core Unrestricted Upload of File with Dangerous Type
High
CVE-2020-13671
was published
for
drupal/core
(Composer)
Oct 12, 2021
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-3915
was published
for
ssddanbrown/bookstack
(Composer)
Nov 15, 2021
Unrestricted Upload of File with Dangerous Type in pimcore
High
CVE-2022-0263
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in Crater
High
CVE-2022-0242
was published
for
bytefury/crater
(Composer)
Jan 21, 2022
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-4080
was published
for
bytefury/crater
(Composer)
Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in showdoc
High
CVE-2022-0409
was published
for
showdoc/showdoc
(Composer)
Feb 20, 2022
File upload restriction bypass in Zenario CMS
High
CVE-2022-23043
was published
for
tribalsystems/zenario
(Composer)
Feb 25, 2022
Unrestricted Upload of File with Dangerous Type in MODX Revolution
High
CVE-2022-26149
was published
for
modx/revolution
(Composer)
Feb 27, 2022
Unrestricted Upload of File with Dangerous Type in Croogo
High
CVE-2021-44673
was published
for
croogo/croogo
(Composer)
Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc
High
CVE-2022-1034
was published
for
showdoc/showdoc
(Composer)
Mar 23, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4
High
CVE-2021-34257
was published
for
wpanel/wpanel4-cms
(Composer)
Apr 1, 2022
TYPO3 Arbitrary Code Execution vulnerability on the backend
High
CVE-2010-3663
was published
for
typo3/cms-backend
(Composer)
Apr 21, 2022
Subrion CMS RCE Vulnerability
High
CVE-2018-19422
was published
for
intelliants/subrion
(Composer)
May 13, 2022
Bolt Unrestricted Upload of File with Dangerous Type
High
CVE-2019-9185
was published
for
bolt/bolt
(Composer)
May 13, 2022
RCE in baserCMS before 4.1.4
High
CVE-2018-18942
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Craft CMS PHP Code Injection Vulnerability
High
CVE-2018-3814
was published
for
craftcms/cms
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API