Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

414 advisories

Loading
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
Unrestricted Upload of File with Dangerous Type in Microweber Moderate
CVE-2022-0921 was published for microweber/microweber (Composer) Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber Moderate
CVE-2022-0912 was published for microweber/microweber (Composer) Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius Moderate
CVE-2022-24749 was published for Sylius/Sylius (Composer) Mar 14, 2022
Ocramius
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc Moderate
CVE-2022-0951 was published for showdoc/showdoc (Composer) Mar 16, 2022
Cross-site Scripting in ShowDoc Moderate
CVE-2022-0950 was published for showdoc/showdoc (Composer) Mar 16, 2022
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Moderate Unreviewed
CVE-2022-1045 was published Apr 12, 2022
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows... Moderate Unreviewed
CVE-2020-5844 was published May 24, 2022
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact... Moderate Unreviewed
CVE-2020-29450 was published May 24, 2022
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to... Moderate Unreviewed
CVE-2015-4463 was published May 17, 2022
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5... Moderate Unreviewed
CVE-2015-4462 was published May 17, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39017 was published Jul 15, 2022
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low... Moderate Unreviewed
CVE-2017-7989 was published May 17, 2022
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module Moderate
CVE-2022-32065 was published for com.ruoyi:ruoyi (Maven) Jul 14, 2022
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an... Moderate Unreviewed
CVE-2016-8973 was published May 17, 2022
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before... Moderate Unreviewed
CVE-2015-4524 was published May 17, 2022
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine ... Moderate Unreviewed
CVE-2016-2914 was published May 17, 2022
FeehiCMS Unrestricted Upload vulnerability Moderate
CVE-2021-36573 was published for feehi/feehicms (Composer) Dec 15, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0... Moderate Unreviewed
CVE-2022-22482 was published May 18, 2022
This vulnerability allows remote attackers to create arbitrary files on affected installations of... Moderate Unreviewed
CVE-2020-8866 was published May 24, 2022
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with... Moderate Unreviewed
CVE-2019-19493 was published May 24, 2022
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker... Moderate Unreviewed
CVE-2019-18320 was published May 24, 2022
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote... Moderate Unreviewed
CVE-2019-19141 was published May 24, 2022
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update... Moderate Unreviewed
CVE-2019-19925 was published May 24, 2022
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle... Moderate Unreviewed
CVE-2020-2730 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API