Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,287 advisories

Loading
Remote code execution in verot/class.upload.php Critical
CVE-2019-19576 was published for verot/class.upload.php (Composer) Jan 16, 2020
Unrestricted upload of file with dangerous type in Apache Solr Critical
CVE-2019-12409 was published for org.apache.solr:solr-core (Maven) Jan 28, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload Critical
CVE-2018-9206 was published for blueimp-file-upload (npm) Oct 22, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms Critical
CVE-2018-18830 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
Unrestricted Upload of File with Dangerous Type in jquery-file-upload Critical
CVE-2018-9207 was published for jquery-file-upload (npm) Dec 19, 2018
Infinite loop in .Net Bond High
CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15645 was published May 24, 2022
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and... High Unreviewed
CVE-2022-42287 was published Jan 13, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal... High Unreviewed
CVE-2019-13359 was published May 24, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24651 was published Mar 11, 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized... Critical Unreviewed
CVE-2022-24652 was published Mar 11, 2022
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 ... High Unreviewed
CVE-2021-43970 was published Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in Microweber Moderate
CVE-2022-0921 was published for microweber/microweber (Composer) Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber Moderate
CVE-2022-0912 was published for microweber/microweber (Composer) Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius Moderate
CVE-2022-24749 was published for Sylius/Sylius (Composer) Mar 14, 2022
Ocramius
With administrator or admin privileges the application can be tricked into overwriting files in... High Unreviewed
CVE-2022-24387 was published Mar 15, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc Moderate
CVE-2022-0951 was published for showdoc/showdoc (Composer) Mar 16, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin... Critical Unreviewed
CVE-2022-25487 was published Mar 16, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to... Critical Unreviewed
CVE-2022-25495 was published Mar 16, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
Cross-site Scripting in ShowDoc Moderate
CVE-2022-0950 was published for showdoc/showdoc (Composer) Mar 16, 2022
ProTip! Advisories are also available from the GraphQL API