GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
139 advisories
Filter by severity
Unrestricted file uploads in Contao
High
CVE-2019-19745
was published
for
contao/contao
(Composer)
Dec 17, 2019
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
elFinder unsafe upload filtering leading to remote code execution
High
CVE-2021-23394
was published
for
studio-42/elfinder
(Composer)
Jun 15, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Arbitrary file upload in Fork CMS
High
CVE-2021-28931
was published
for
forkcms/forkcms
(Composer)
Sep 8, 2021
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Arbitrary Code Execution in feehi/cms
High
CVE-2020-21322
was published
for
feehi/cms
(Composer)
Sep 20, 2021
Drupal core Unrestricted Upload of File with Dangerous Type
High
CVE-2020-13671
was published
for
drupal/core
(Composer)
Oct 12, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-3915
was published
for
ssddanbrown/bookstack
(Composer)
Nov 15, 2021
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Moderate
CVE-2021-43617
was published
for
laravel/framework
(Composer)
Nov 16, 2021
•
withdrawn
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Moderate
CVE-2021-23814
was published
for
unisharp/laravel-filemanager
(Composer)
Jan 6, 2022
Unrestricted Upload of File with Dangerous Type in pimcore
High
CVE-2022-0263
was published
for
pimcore/pimcore
(Composer)
Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in Crater
High
CVE-2022-0242
was published
for
bytefury/crater
(Composer)
Jan 21, 2022
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
High
CVE-2021-4080
was published
for
bytefury/crater
(Composer)
Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Moderate
CVE-2022-0472
was published
for
jsdecena/laracom
(Composer)
Feb 6, 2022
Unrestricted Uploads in Concrete5
Moderate
CVE-2020-14961
was published
for
concrete5/concrete5
(Composer)
Feb 10, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
Unrestricted Upload of File with Dangerous Type in showdoc
High
CVE-2022-0409
was published
for
showdoc/showdoc
(Composer)
Feb 20, 2022
ProTip!
Advisories are also available from the
GraphQL API