Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

66 advisories

Loading
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
angular-base64-upload vulnerable to unauthenticated remote code execution Critical
CVE-2024-42640 was published for angular-base64-upload (npm) Oct 11, 2024
rvizx
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB noe233
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment Critical
CVE-2024-38529 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability Critical
CVE-2024-36858 was published for @janhq/core (npm) Jun 4, 2024
Van-QA
Cockpit CMS contains an arbitrary file upload vulenrability Critical
CVE-2024-4825 was published for cockpit-hq/cockpit (Composer) May 14, 2024
pyLoad allows upload to arbitrary folder lead to RCE Critical
CVE-2024-32880 was published for pyload-ng (pip) Apr 24, 2024
zhcy2018
Remote Code Execution by uploading a phar file using frontmatter Critical
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability Critical
CVE-2023-27602 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
fuadmin vulnerable to insecure file upload Critical
CVE-2023-36097 was published for funadmin/funadmin (Composer) Jun 22, 2023
Liufee CMS File Upload vulnerability Critical
CVE-2020-21489 was published for feehi/cms (Composer) Jun 20, 2023
liufee CMS File Upload vulnerability Critical
CVE-2020-21174 was published for feehi/cms (Composer) Jun 20, 2023
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type Critical
CVE-2023-2034 was published for froxlor/froxlor (Composer) Apr 14, 2023
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
baserCMS allows any file to be uploaded Critical
CVE-2023-25655 was published for baserproject/basercms (Composer) Mar 23, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability Critical
CVE-2023-25654 was published for baserproject/basercms (Composer) Mar 23, 2023
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2021-26642 was published for xpressengine/xpressengine (Composer) Jan 20, 2023
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload Critical
CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload Critical
CVE-2022-41711 was published for badaso/core (Composer) Oct 26, 2022
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2022-38916 was published for pagekit/pagekit (Composer) Sep 21, 2022
ProTip! Advisories are also available from the GraphQL API