GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
239 advisories
Octobot mishandles Tentacles upload
Critical: CVE-2021-36711 was published for OctoBot (pip), Jul 17, 2022

RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
Moderate: CVE-2022-32065 was published for com.ruoyi:ruoyi (Maven), Jul 14, 2022

Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate: CVE-2022-32114 was published for @strapi/strapi (npm), Jul 14, 2022

Unrestricted Upload of File with Dangerous Type in MCMS
Critical: CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven), Jul 2, 2022

Unrestricted Upload of File with Dangerous Type in Elefant CMS
High: CVE-2017-20063 was published for elefant/cms (Composer), Jun 21, 2022

Code injection in MCMS
Critical: CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven), Jun 3, 2022

Arbitrary command execution in Minidoc
High: CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go), May 27, 2022

JFinal file validation vulnerability
High: CVE-2019-17352 was published for com.jfinal:jfinal (Maven), May 25, 2022

Unrestricted File Upload vulnerability in Firefly III
High: CVE-2021-3846 was published for grumpydictator/firefly-iii (Composer), May 24, 2022

Jeecg-Boot CMS arbitrary file upload vulnerability
Critical: CVE-2020-28088 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven), May 24, 2022

ShopXO RCE Vulnerability
Critical: CVE-2021-27817 was published for shopxo/shopxo (Composer), May 24, 2022

Magento vulnerable to a file upload restriction bypass
Critical: CVE-2021-21014 was published for magento/community-edition (Composer), May 24, 2022

Feehi CMS arbitrary file upload vulnerability
High: CVE-2020-22643 was published for feehi/cms (Composer), May 24, 2022

Magento 2 Community Edition RCE via Unsafe File Upload
Critical: CVE-2020-24407 was published for magento/community-edition (Composer), May 24, 2022

Dolibarr Unrestricted Upload of File with Dangerous Type
High: CVE-2020-14209 was published for dolibarr/dolibarr (Composer), May 24, 2022

Silverstripe CMS malicious file upload enables script execution
High: CVE-2020-9309 was published for silverstripe/cms (Composer), May 24, 2022

Microweber allows Unrestricted File Upload
High: CVE-2020-13241 was published for microweber/microweber (Composer), May 24, 2022

SilverStripe Folders migrated from 3.x may be unsafe to upload to
High: CVE-2020-9280 was published for silverstripe/assets (Composer), May 24, 2022

FrozenNode Laravel-Administrator unrestricted file upload
High: CVE-2020-10963 was published for frozennode/administrator (Composer), May 24, 2022

Umbraco CMS Authenticated File Upload
High: CVE-2020-9471 was published for UmbracoCMS.Core (NuGet), May 24, 2022

DNN File Upload Vulnerability
Moderate: CVE-2020-5188 was published for DotNetNuke.Core (NuGet), May 24, 2022

Magento Unrestricted file upload vulnerability
Moderate: CVE-2019-8140 was published for magento/community-edition (Composer), May 24, 2022

Magento Information Disclosure via File upload functionality
High: CVE-2019-8093 was published for magento/community-edition (Composer), May 24, 2022

Magento 2 Community Edition RCE Vulnerability
High: CVE-2019-8114 was published for magento/community-edition (Composer), May 24, 2022

ProTip! Advisories are also available from the GraphQL API.