GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
242 advisories
Filter by severity
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
High
CVE-2024-53863
was published
for
matrix-synapse
(pip)
Dec 3, 2024
django Filer Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2024-11404
was published
for
django-filer
(pip)
Nov 20, 2024
angular-base64-upload vulnerable to unauthenticated remote code execution
Critical
CVE-2024-42640
was published
for
angular-base64-upload
(npm)
Oct 11, 2024
Livewire Remote Code Execution on File Uploads
High
CVE-2024-47823
was published
for
livewire/livewire
(Composer)
Oct 8, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
Contao affected by remote command execution through file upload
High
CVE-2024-45398
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
FeehiCMS User[avatar] unrestricted upload
Moderate
CVE-2024-8296
was published
for
feehi/cms
(Composer)
Aug 29, 2024
FeehiCMS file upload vulnerability
Moderate
CVE-2024-8294
was published
for
feehi/cms
(Composer)
Aug 29, 2024
FeehiCMS BannerForm[img] unrestricted upload
Moderate
CVE-2024-8295
was published
for
feehi/cms
(Composer)
Aug 29, 2024
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Critical
CVE-2024-38529
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
Automad arbitrary file upload vulnerability
High
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
Apache StreamPipes has potential remote code execution (RCE) via file upload
High
CVE-2024-31411
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization
High
CVE-2024-38519
was published
for
yt-dlp
(pip)
Jul 2, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
Dolibarr arbitrary file upload vulnerability
High
CVE-2024-37821
was published
for
dolibarr/dolibarr
(Composer)
Jun 18, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
High
CVE-2024-36811
was published
for
aimeos/aimeos-core
(Composer)
Jun 7, 2024
•
withdrawn
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-8h4m-r4wm-xj7r
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
Jan path traversal vulnerability
Critical
CVE-2024-36858
was published
for
@janhq/core
(npm)
Jun 4, 2024
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-f9hr-7cfq-mjg2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/framework allows upload of dangerous file types
High
GHSA-vcg6-8fxc-x5cq
was published
for
silverstripe/framework
(Composer)
May 27, 2024
ProTip!
Advisories are also available from the
GraphQL API