GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Infinite loop in .Net Bond
High
CVE-2020-1469
was published
for
Bond.Core.CSharp
(NuGet)
Apr 8, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc
High
CVE-2022-1034
was published
for
showdoc/showdoc
(Composer)
Mar 23, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4
High
CVE-2021-34257
was published
for
wpanel/wpanel4-cms
(Composer)
Apr 1, 2022
JFinal file validation vulnerability
High
CVE-2019-17352
was published
for
com.jfinal:jfinal
(Maven)
May 25, 2022
Arbitrary command execution in Minidoc
High
CVE-2022-29637
was published
for
github.com/mindoc-org/mindoc
(Go)
May 27, 2022
Arbitrary file upload in ShopXO
High
CVE-2021-41938
was published
for
shopxo/shopxo
(Composer)
May 20, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
High
CVE-2019-16530
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
May 24, 2022
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Unrestricted Upload of File with Dangerous Type in Elefant CMS
High
CVE-2017-20063
was published
for
elefant/cms
(Composer)
Jun 21, 2022
Feehi CMS arbitrary code execution via crafted PHP file
High
CVE-2022-34971
was published
for
feehi/cms
(Composer)
Jul 28, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution
High
CVE-2022-46157
was published
for
akeneo/pim-community-dev
(Composer)
Dec 9, 2022
elFinder unsafe upload filtering leading to remote code execution
High
CVE-2021-23394
was published
for
studio-42/elfinder
(Composer)
Jun 15, 2021
AList vulnerable to Improper Preservation of Permissions
High
CVE-2022-45968
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
Arbitrary file upload in Fork CMS
High
CVE-2021-28931
was published
for
forkcms/forkcms
(Composer)
Sep 8, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-3915
was published
for
ssddanbrown/bookstack
(Composer)
Nov 15, 2021
Arbitrary Code Execution in feehi/cms
High
CVE-2020-21322
was published
for
feehi/cms
(Composer)
Sep 20, 2021
Microweber vulnerable to unrestricted malicious uploads
High
CVE-2022-4732
was published
for
microweber/microweber
(Composer)
Dec 27, 2022
Thinkphp has a code logic error
High
CVE-2022-44289
was published
for
topthink/framework
(Composer)
Dec 6, 2022
Arbitrary file write in net.mingsoft:ms-mcms
High
CVE-2022-47042
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API