Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111 advisories

Loading
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
Automad arbitrary file upload vulnerability High
CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024
marcantondahmen
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2024-22393 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej RChutchev
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. High
CVE-2021-40324 was published for cobbler (pip) Oct 5, 2021
Apache StreamPipes has potential remote code execution (RCE) via file upload High
CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server High
CVE-2017-12615 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) May 30, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
Magento Information Disclosure via File upload functionality High
CVE-2019-8093 was published for magento/community-edition (Composer) May 24, 2022
Magento Filter extension bypass via crafted store configuration keys High
CVE-2019-7912 was published for magento/community-edition (Composer) May 24, 2022
Unrestricted file uploads in Contao High
CVE-2019-19745 was published for contao/contao (Composer) Dec 17, 2019
Craft CMS PHP Code Injection Vulnerability High
CVE-2018-3814 was published for craftcms/cms (Composer) May 13, 2022
TYPO3 Arbitrary Code Execution High
CVE-2017-14251 was published for typo3/cms (Composer) May 17, 2022
SilverStripe Folders migrated from 3.x may be unsafe to upload to High
CVE-2020-9280 was published for silverstripe/assets (Composer) May 24, 2022
jQuery File Upload Plugin Unrestricted file upload vulnerability High
CVE-2014-8739 was published for blueimp/jquery-file-upload (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API