GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
242 advisories
Filter by severity
Magento Unrestricted file upload vulnerability
Moderate
CVE-2019-8140
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-8114
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Information Disclosure via File upload functionality
High
CVE-2019-8093
was published
for
magento/community-edition
(Composer)
May 24, 2022
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
High
CVE-2019-16530
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
May 24, 2022
slub_events for Typo3 Arbitrary File Upload
Critical
CVE-2019-16700
was published
for
slub/slub-events
(Composer)
May 24, 2022
Pimcore Unrestricted Upload of File with Dangerous Type
High
CVE-2019-16318
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Magento 2 Community Unrestricted File Upload
High
CVE-2019-7930
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Filter extension bypass via crafted store configuration keys
High
CVE-2019-7912
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Unsafe File Upload
High
CVE-2019-7861
was published
for
magento/community-edition
(Composer)
May 24, 2022
SiteServer CMS RCE via unsafe file upload
High
CVE-2019-11401
was published
for
sscms
(NuGet)
May 24, 2022
Publify vulnerable to cross site scripting
Critical
CVE-2022-1811
was published
for
publify_core
(RubyGems)
May 24, 2022
Arbitrary file upload in ShopXO
High
CVE-2021-41938
was published
for
shopxo/shopxo
(Composer)
May 20, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
jQuery File Upload Plugin Unrestricted file upload vulnerability
High
CVE-2014-8739
was published
for
blueimp/jquery-file-upload
(Composer)
May 17, 2022
MoinMoin Multiple unrestricted file upload vulnerabilities
Moderate
CVE-2012-6081
was published
for
moin
(pip)
May 17, 2022
Moodle Unrestricted file upload vulnerability
High
CVE-2016-9187
was published
for
moodle/moodle
(Composer)
May 17, 2022
Dolibarr ERP and CRM Unsafe File Upload Vulnerability
High
CVE-2017-9840
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
TYPO3 Arbitrary Code Execution
High
CVE-2017-14251
was published
for
typo3/cms
(Composer)
May 17, 2022
TeamPass arbitrary file upload vulnerability
High
CVE-2017-15054
was published
for
nilsteampassnet/teampass
(Composer)
May 17, 2022
Formidable arbitrary file upload
Critical
CVE-2022-29622
was published
for
formidable
(npm)
May 17, 2022
•
withdrawn
Withdrawn: Code execution via SVG file upload in tiddlywiki
Critical
CVE-2022-29351
was published
for
tiddlywiki
(npm)
May 17, 2022
•
withdrawn
baserCMS arbitrary file upload vulnerability
Moderate
CVE-2018-0571
was published
for
baserproject/basercms
(Composer)
May 14, 2022
Elefant CMS Code Execution Vulnerability
Critical
CVE-2018-16974
was published
for
elefant/cms
(Composer)
May 14, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
Critical
CVE-2018-9209
was published
for
fineuploader/php-traditional-server
(Composer)
May 14, 2022
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2016-3088
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API