GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
263 advisories
Cockpit CMS arbitrary file upload vulnerability
Moderate: CVE-2023-41564 was published for cockpit-hq/cockpit (Composer), Sep 9, 2023

Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
Moderate: CVE-2023-3692 was published for admidio/admidio (Composer), Jul 16, 2023

Apache StreamPark Path Traversal vulnerability
Critical: CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven), Jul 6, 2023

Apache Linkis Zip Slip issue
Critical: CVE-2023-27603 was published for org.apache.linkis:linkis (Maven), Jul 6, 2023

Apache Linkis Unrestricted File Upload vulnerability
Critical: CVE-2023-27602 was published for org.apache.linkis:linkis (Maven), Jul 6, 2023

Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
High: CVE-2023-36809 was published for kiwitcms (pip), Jul 5, 2023

fuadmin vulnerable to insecure file upload
Critical: CVE-2023-36097 was published for funadmin/funadmin (Composer), Jun 22, 2023

Liufee CMS File Upload vulnerability
Critical: CVE-2020-21489 was published for feehi/cms (Composer), Jun 20, 2023

liufee CMS File Upload vulnerability
Critical: CVE-2020-21174 was published for feehi/cms (Composer), Jun 20, 2023

jeecg-boot unrestricted file upload vulnerability
Moderate: CVE-2023-34660 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven), Jun 16, 2023

alist Incorrect Access Control vulnerability
High: CVE-2023-33498 was published for github.com/alist-org/alist/v3 (Go), Jun 7, 2023

kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
High: CVE-2023-33977 was published for kiwitcms (pip), Jun 6, 2023

Phishing attack vulnerability by uploading malicious HTML file
Moderate: CVE-2023-32689 was published for parse-server (npm), May 31, 2023

kiwitcms vulnerable to stored XSS via unrestricted files upload
Moderate: CVE-2023-32686 was published for kiwitcms (pip), May 22, 2023

MCMS vulnerable to arbitrary code execution via crafted thumbnail
High: CVE-2020-22755 was published for net.mingsoft:ms-mcms (Maven), May 8, 2023

Unrestricted file upload in kiwi TCMS
High: CVE-2023-30613 was published for kiwitcms (pip), Apr 24, 2023

froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Critical: CVE-2023-2034 was published for froxlor/froxlor (Composer), Apr 14, 2023

yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability
High: CVE-2023-1970 was published for yuan1994/tpadmin (Composer), Apr 10, 2023

Uvdesk remote code execution vulnerability
High: CVE-2023-0265 was published for uvdesk/community-skeleton (Composer), Apr 5, 2023

sjqzhang go-fastdfs vulnerable to path traversal
Critical: CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go), Apr 2, 2023

baserCMS allows any file to be uploaded
Critical: CVE-2023-25655 was published for baserproject/basercms (Composer), Mar 23, 2023

baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Critical: CVE-2023-25654 was published for baserproject/basercms (Composer), Mar 23, 2023

cockpit-hq/cockpit is vulnerable to unrestricted file uploads
High: CVE-2023-1313 was published for cockpit-hq/cockpit (Composer), Mar 10, 2023

laravel-admin has Arbitrary File Upload vulnerability
High: CVE-2023-24249 was published for encore/laravel-admin (Composer), Feb 27, 2023

ProTip! Advisories are also available from the GraphQL API.