Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

74 advisories

Loading
Automad arbitrary file upload vulnerability High
CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024
marcantondahmen
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej RChutchev
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) May 30, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
Magento Information Disclosure via File upload functionality High
CVE-2019-8093 was published for magento/community-edition (Composer) May 24, 2022
Magento Filter extension bypass via crafted store configuration keys High
CVE-2019-7912 was published for magento/community-edition (Composer) May 24, 2022
Unrestricted file uploads in Contao High
CVE-2019-19745 was published for contao/contao (Composer) Dec 17, 2019
Craft CMS PHP Code Injection Vulnerability High
CVE-2018-3814 was published for craftcms/cms (Composer) May 13, 2022
TYPO3 Arbitrary Code Execution High
CVE-2017-14251 was published for typo3/cms (Composer) May 17, 2022
SilverStripe Folders migrated from 3.x may be unsafe to upload to High
CVE-2020-9280 was published for silverstripe/assets (Composer) May 24, 2022
jQuery File Upload Plugin Unrestricted file upload vulnerability High
CVE-2014-8739 was published for blueimp/jquery-file-upload (Composer) May 17, 2022
TeamPass arbitrary file upload vulnerability High
CVE-2017-15054 was published for nilsteampassnet/teampass (Composer) May 17, 2022
Dolibarr Unrestricted Upload of File with Dangerous Type High
CVE-2020-14209 was published for dolibarr/dolibarr (Composer) May 24, 2022
Pimcore Unrestricted Upload of File with Dangerous Type High
CVE-2019-16318 was published for pimcore/pimcore (Composer) May 24, 2022
Moodle Unrestricted file upload vulnerability High
CVE-2016-9187 was published for moodle/moodle (Composer) May 17, 2022
Bolt Unrestricted Upload of File with Dangerous Type High
CVE-2019-9185 was published for bolt/bolt (Composer) May 13, 2022
FrozenNode Laravel-Administrator unrestricted file upload High
CVE-2020-10963 was published for frozennode/administrator (Composer) May 24, 2022
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE High
CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2023-1970 was published for yuan1994/tpadmin (Composer) Apr 10, 2023
ProTip! Advisories are also available from the GraphQL API