Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Loading
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej RChutchev
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Apache StreamPipes has potential remote code execution (RCE) via file upload High
CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) May 30, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE High
CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
mingSoft MCMS File Upload vulnerability High
CVE-2024-22567 was published for net.mingsoft:ms-mcms (Maven) Feb 5, 2024
MLflow Path Traversal Vulnerability High
CVE-2023-6976 was published for mlflow (pip) Dec 20, 2023
ThinkAdmin arbitrary file upload vulnerability High
CVE-2023-48966 was published for zoujingli/thinkadmin (Composer) Dec 4, 2023
Microweber file upload vulnerability High
CVE-2023-49052 was published for microweber/microweber (Composer) Nov 30, 2023
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Guest Entries Remote code execution via file uploads High
CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023
Statamic CMS remote code execution via front-end form uploads High
CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023
Cyber-Wo0dy
Economizzer remote code execution vulnerability High
CVE-2023-38874 was published for gugoan/economizzer (Composer) Sep 28, 2023
File Upload vulnerability in Dolibarr ERP CRM High
CVE-2023-38887 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
mnqazi MQ-xz
alist Incorrect Access Control vulnerability High
CVE-2023-33498 was published for github.com/alist-org/alist/v3 (Go) Jun 7, 2023
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database