GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Unrestricted Upload of File with Dangerous Type in django-widgy
Critical
CVE-2020-18704
was published
for
django-widgy
(pip)
Aug 30, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
High
CVE-2021-40324
was published
for
cobbler
(pip)
Oct 5, 2021
Unrestricted Upload of File with Dangerous Type in motionEye
High
CVE-2021-44255
was published
for
motioneye
(pip)
Feb 1, 2022
pgAdmin 4 Path Traversal vulnerability
Moderate
CVE-2022-0959
was published
for
pgadmin4
(pip)
Mar 17, 2022
MoinMoin Multiple unrestricted file upload vulnerabilities
Moderate
CVE-2012-6081
was published
for
moin
(pip)
May 17, 2022
Octobot mishandles Tentacles upload
Critical
CVE-2021-36711
was published
for
OctoBot
(pip)
Jul 17, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Low
CVE-2022-2872
was published
for
OctoPrint
(pip)
Sep 22, 2022
Unrestricted file upload in kiwi TCMS
High
CVE-2023-30613
was published
for
kiwitcms
(pip)
Apr 24, 2023
kiwitcms vulnerable to stored XSS via unrestricted files upload
Moderate
CVE-2023-32686
was published
for
kiwitcms
(pip)
May 22, 2023
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
High
CVE-2023-33977
was published
for
kiwitcms
(pip)
Jun 6, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
High
CVE-2023-36809
was published
for
kiwitcms
(pip)
Jul 5, 2023
Gradio arbitrary file upload vulnerability
Moderate
CVE-2023-41626
was published
for
gradio
(pip)
Sep 16, 2023
pyLoad allows upload to arbitrary folder lead to RCE
Critical
CVE-2024-32880
was published
for
pyload-ng
(pip)
Apr 24, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization
High
CVE-2024-38519
was published
for
yt-dlp
(pip)
Jul 2, 2024
django Filer Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2024-11404
was published
for
django-filer
(pip)
Nov 20, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
High
CVE-2024-53863
was published
for
matrix-synapse
(pip)
Dec 3, 2024
ProTip!
Advisories are also available from the
GraphQL API