GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
109 advisories
Livewire Remote Code Execution on File Uploads
High • CVE-2024-47823 was published for livewire/livewire (Composer) • Oct 8, 2024

Contao affected by remote command execution through file upload
High • CVE-2024-45398 was published for contao/core-bundle (Composer) • Sep 17, 2024

Apache StreamPipes has potential remote code execution (RCE) via file upload
High • CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) • Jul 17, 2024

yt-dlp File system modification and RCE through improper file-extension sanitization
High • CVE-2024-38519 was published for yt-dlp (pip) • Jul 2, 2024

Dolibarr arbitrary file upload vulnerability
High • CVE-2024-37821 was published for dolibarr/dolibarr (Composer) • Jun 18, 2024

Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
High • CVE-2024-36811 was published for aimeos/aimeos-core (Composer) • Jun 7, 2024 • withdrawn

TYPO3 Arbitrary Code Execution via File List Module
High • GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer) • Jun 7, 2024

TYPO3 Arbitrary Code Execution via File List Module
High • GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) • May 30, 2024

silverstripe/framework allows upload of dangerous file types
High • GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) • May 27, 2024

ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High • CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) • Mar 28, 2024

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
High • CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) • Mar 25, 2024

Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
High • CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) • Mar 20, 2024

October CMS Cross-site Scripting vulnerability
High • CVE-2023-25365 was published for october/october (Composer) • Feb 9, 2024

mingSoft MCMS File Upload vulnerability
High • CVE-2024-22567 was published for net.mingsoft:ms-mcms (Maven) • Feb 5, 2024

ThinkAdmin arbitrary file upload vulnerability
High • CVE-2023-48966 was published for zoujingli/thinkadmin (Composer) • Dec 4, 2023

Microweber file upload vulnerability
High • CVE-2023-49052 was published for microweber/microweber (Composer) • Nov 30, 2023

Statamic CMS vulnerable to remote code execution via form uploads
High • CVE-2023-48217 was published for statamic/cms (Composer) • Nov 14, 2023

Guest Entries Remote code execution via file uploads
High • CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) • Nov 14, 2023

Statamic CMS remote code execution via front-end form uploads
High • CVE-2023-47129 was published for statamic/cms (Composer) • Nov 12, 2023

Economizzer remote code execution vulnerability
High • CVE-2023-38874 was published for gugoan/economizzer (Composer) • Sep 28, 2023

File Upload vulnerability in Dolibarr ERP CRM
High • CVE-2023-38887 was published for dolibarr/dolibarr (Composer) • Sep 20, 2023

Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
High • CVE-2023-36809 was published for kiwitcms (pip) • Jul 5, 2023

alist Incorrect Access Control vulnerability
High • CVE-2023-33498 was published for github.com/alist-org/alist/v3 (Go) • Jun 7, 2023

kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
High • CVE-2023-33977 was published for kiwitcms (pip) • Jun 6, 2023
ProTip! Advisories are also available from the GraphQL API