GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
239 advisories
Remote code execution in verot/class.upload.php
Critical | CVE-2019-19576 was published for verot/class.upload.php (Composer) | Jan 16, 2020
Unrestricted upload of file with dangerous type in Apache Solr
Critical | CVE-2019-12409 was published for org.apache.solr:solr-core (Maven) | Jan 28, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical | CVE-2019-19634 was published for verot/class.upload.php (Composer) | Feb 28, 2020
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical | CVE-2018-9206 was published for blueimp-file-upload (npm) | Oct 22, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
Critical | CVE-2018-18830 was published for net.mingsoft:ms-mcms (Maven) | Nov 1, 2018
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High | CVE-2020-15277 was published for baserproject/basercms (Composer) | Oct 30, 2020
Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Critical | CVE-2018-9207 was published for jquery-file-upload (npm) | Dec 19, 2018
Infinite loop in .Net Bond
High | CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) | Apr 8, 2022
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate | CVE-2020-26255 was published for getkirby/cms (Composer) | Dec 8, 2020
Unrestricted Upload of File with Dangerous Type in Microweber
Moderate | CVE-2022-0921 was published for microweber/microweber (Composer) | Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber
Moderate | CVE-2022-0912 was published for microweber/microweber (Composer) | Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate | CVE-2022-24749 was published for Sylius/Sylius (Composer) | Mar 14, 2022
Cross-site Scripting in showdoc/showdoc
Critical | CVE-2022-0960 was published for showdoc/showdoc (Composer) | Mar 15, 2022
Cross-site Scripting in ShowDoc
Moderate | CVE-2022-0950 was published for showdoc/showdoc (Composer) | Mar 16, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Critical | CVE-2021-42171 was published for tribalsystems/zenario (Composer) | Mar 15, 2022
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc
Moderate | CVE-2022-0951 was published for showdoc/showdoc (Composer) | Mar 16, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc
High | CVE-2022-1034 was published for showdoc/showdoc (Composer) | Mar 23, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High | CVE-2022-0415 was published for gogs.io/gogs (Go) | Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4
High | CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) | Apr 1, 2022
Unrestricted Upload of File with Dangerous Type in Strapi
Critical | CVE-2022-27263 was published for strapi (npm) | Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS
Critical | CVE-2022-27260 was published for buttercms (npm) | Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload
Critical | CVE-2022-27952 was published for payload (npm) | Apr 13, 2022
JFinal file validation vulnerability
High | CVE-2019-17352 was published for com.jfinal:jfinal (Maven) | May 25, 2022
Arbitrary command execution in Minidoc
High | CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) | May 27, 2022