Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,299 advisories

Loading
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21351 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21350 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21347 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21346 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
wh1t3p1g
XStream is vulnerable to an Arbitrary Code Execution attack Moderate
CVE-2021-21344 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
Circumvention of file size limits in ActiveStorage High
CVE-2020-8162 was published for activestorage (RubyGems) May 26, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Unrestricted upload of file with dangerous type in Apache Solr Critical
CVE-2019-12409 was published for org.apache.solr:solr-core (Maven) Jan 28, 2020
Remote code execution in verot/class.upload.php Critical
CVE-2019-19576 was published for verot/class.upload.php (Composer) Jan 16, 2020
Unrestricted file uploads in Contao High
CVE-2019-19745 was published for contao/contao (Composer) Dec 17, 2019
Unrestricted Upload of File with Dangerous Type in jquery-file-upload Critical
CVE-2018-9207 was published for jquery-file-upload (npm) Dec 19, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms Critical
CVE-2018-18830 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload Critical
CVE-2018-9206 was published for blueimp-file-upload (npm) Oct 22, 2018
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server High
CVE-2017-12615 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
Rubyzip gem contains a Directory Traversal vulnerability in zip file component Critical
CVE-2018-1000544 was published for rubyzip (RubyGems) Sep 6, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database