Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

72 advisories

Loading
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) May 30, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE High
CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
ThinkAdmin arbitrary file upload vulnerability High
CVE-2023-48966 was published for zoujingli/thinkadmin (Composer) Dec 4, 2023
Microweber file upload vulnerability High
CVE-2023-49052 was published for microweber/microweber (Composer) Nov 30, 2023
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Guest Entries Remote code execution via file uploads High
CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023
Statamic CMS remote code execution via front-end form uploads High
CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023
Cyber-Wo0dy
Economizzer remote code execution vulnerability High
CVE-2023-38874 was published for gugoan/economizzer (Composer) Sep 28, 2023
File Upload vulnerability in Dolibarr ERP CRM High
CVE-2023-38887 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2023-1970 was published for yuan1994/tpadmin (Composer) Apr 10, 2023
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
cockpit-hq/cockpit is vulnerable to unrestricted file uploads High
CVE-2023-1313 was published for cockpit-hq/cockpit (Composer) Mar 10, 2023
laravel-admin has Arbitrary File Upload vulnerability High
CVE-2023-24249 was published for encore/laravel-admin (Composer) Feb 27, 2023
DataFlow upload remote code execution vulnerability High
CVE-2021-41231 was published for openmage/magento-lts (Composer) Jan 27, 2023
Microweber vulnerable to unrestricted malicious uploads High
CVE-2022-4732 was published for microweber/microweber (Composer) Dec 27, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
Thinkphp has a code logic error High
CVE-2022-44289 was published for topthink/framework (Composer) Dec 6, 2022
Backdrop CMS Unrestricted File Upload vulnerability High
CVE-2022-42092 was published for backdrop/backdrop (Composer) Oct 7, 2022
Drupal core arbitrary PHP code execution High
CVE-2022-25277 was published for drupal/core (Composer) Aug 6, 2022
ProTip! Advisories are also available from the GraphQL API