Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content. Moderate
CVE-2021-43617 was published for laravel/framework (Composer) Nov 16, 2021 withdrawn
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager Moderate
CVE-2021-23814 was published for unisharp/laravel-filemanager (Composer) Jan 6, 2022
streamtw
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom Moderate
CVE-2022-0472 was published for jsdecena/laracom (Composer) Feb 6, 2022
Unrestricted Uploads in Concrete5 Moderate
CVE-2020-14961 was published for concrete5/concrete5 (Composer) Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in Microweber Moderate
CVE-2022-0921 was published for microweber/microweber (Composer) Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber Moderate
CVE-2022-0912 was published for microweber/microweber (Composer) Mar 12, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius Moderate
CVE-2022-24749 was published for Sylius/Sylius (Composer) Mar 14, 2022
Ocramius
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc Moderate
CVE-2022-0951 was published for showdoc/showdoc (Composer) Mar 16, 2022
Cross-site Scripting in ShowDoc Moderate
CVE-2022-0950 was published for showdoc/showdoc (Composer) Mar 16, 2022
TYPO3 Unrestricted File Upload vulnerability Moderate
CVE-2008-2717 was published for typo3/cms-core (Composer) May 1, 2022
Unrestricted Upload of File with Dangerous Type in yetiforce-crm Moderate
CVE-2022-1411 was published for yetiforce/yetiforce-crm (Composer) May 6, 2022
Drupal Settings Tray access bypass Moderate
CVE-2017-6931 was published for drupal/core (Composer) May 13, 2022
Symfony Path Disclosure Moderate
CVE-2018-19789 was published for symfony/form (Composer) May 14, 2022
baserCMS arbitrary file upload vulnerability Moderate
CVE-2018-0571 was published for baserproject/basercms (Composer) May 14, 2022
Magento Unrestricted file upload vulnerability Moderate
CVE-2019-8140 was published for magento/community-edition (Composer) May 24, 2022
FeehiCMS Unrestricted Upload vulnerability Moderate
CVE-2021-36573 was published for feehi/feehicms (Composer) Dec 15, 2022
Pimcore contains Unrestricted Upload of File with Dangerous Type Moderate
CVE-2023-23937 was published for pimcore/pimcore (Composer) Feb 2, 2023
Admidio vulnerable to Unrestricted Upload of File with Dangerous Type Moderate
CVE-2023-3692 was published for admidio/admidio (Composer) Jul 16, 2023
Cockpit CMS arbitrary file upload vulnerability Moderate
CVE-2023-41564 was published for cockpit-hq/cockpit (Composer) Sep 9, 2023
phpMyFAQ allows unrestricted file types in image field Moderate
CVE-2023-5227 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
ConcreteCMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-44763 was published for concrete5/concrete5 (Composer) Oct 10, 2023
Withdrawn Advisory: Unrestricted File Upload affecting automad Moderate
CVE-2023-7036 was published for automad/automad (Composer) Dec 21, 2023 withdrawn
marcantondahmen
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-mwvh-p3hx-x4gg was published for ezsystems/ezplatform-kernel (Composer) Mar 20, 2024
ProTip! Advisories are also available from the GraphQL API