Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Remote code execution in verot/class.upload.php Critical
CVE-2019-19576 was published for verot/class.upload.php (Composer) Jan 16, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
elFinder Unrestricted File Upload vulnerability Critical
CVE-2021-43421 was published for studio-42/elfinder (Composer) Apr 8, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61 Critical
CVE-2022-27115 was published for studio-42/elfinder (Composer) Apr 12, 2022
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability Critical
CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer) May 14, 2022
Elefant CMS Code Execution Vulnerability Critical
CVE-2018-16974 was published for elefant/cms (Composer) May 14, 2022
slub_events for Typo3 Arbitrary File Upload Critical
CVE-2019-16700 was published for slub/slub-events (Composer) May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
ShopXO RCE Vulnerability Critical
CVE-2021-27817 was published for shopxo/shopxo (Composer) May 24, 2022
FeehiCMS has an arbitrary file upload vulnerability Critical
CVE-2020-21516 was published for feehi/cms (Composer) Sep 7, 2022
rthorpeii
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2022-38916 was published for pagekit/pagekit (Composer) Sep 21, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload Critical
CVE-2022-41711 was published for badaso/core (Composer) Oct 26, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload Critical
CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2021-26642 was published for xpressengine/xpressengine (Composer) Jan 20, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability Critical
CVE-2023-25654 was published for baserproject/basercms (Composer) Mar 23, 2023
baserCMS allows any file to be uploaded Critical
CVE-2023-25655 was published for baserproject/basercms (Composer) Mar 23, 2023
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type Critical
CVE-2023-2034 was published for froxlor/froxlor (Composer) Apr 14, 2023
ProTip! Advisories are also available from the GraphQL API