Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,782
Erlang
36
GitHub Actions
29
Go
2,347
Maven
5,000+
npm
3,976
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Erupt Unrestricted Upload of File with Dangerous Type vulnerability Moderate
CVE-2025-45855 was published for xyz.erupt:erupt (Maven) Jun 3, 2025
MCMS allows arbitrary file uploads in the ueditor component Critical
CVE-2025-29287 was published for net.mingsoft:ms-mcms (Maven) Apr 21, 2025
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Apache StreamPipes has potential remote code execution (RCE) via file upload High
CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets High
CVE-2023-50386 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
mingSoft MCMS File Upload vulnerability High
CVE-2024-22567 was published for net.mingsoft:ms-mcms (Maven) Feb 5, 2024
Jenkins temporary uploaded file created with insecure permissions Low
CVE-2023-43497 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability Critical
CVE-2023-27602 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
jeecg-boot unrestricted file upload vulnerability Moderate
CVE-2023-34660 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 16, 2023
MCMS vulnerable to arbitrary code execution via crafted thumbnail High
CVE-2020-22755 was published for net.mingsoft:ms-mcms (Maven) May 8, 2023
Arbitrary file write in net.mingsoft:ms-mcms High
CVE-2022-47042 was published for net.mingsoft:ms-mcms (Maven) Jan 26, 2023
Dataease v1.11.1 SQL Injection via parameter dataSourceId Critical
CVE-2022-34115 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module Moderate
CVE-2022-32065 was published for com.ruoyi:ruoyi (Maven) Jul 14, 2022
Unrestricted Upload of File with Dangerous Type in MCMS Critical
CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
JFinal file validation vulnerability High
CVE-2019-17352 was published for com.jfinal:jfinal (Maven) May 25, 2022
Jeecg-Boot CMS arbitrary file upload vulnerability Critical
CVE-2020-28088 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) May 24, 2022
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager High
CVE-2019-16530 was published for org.sonatype.nexus:nexus-repository (Maven) May 24, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Unrestricted Upload of File with Dangerous Type in Apache Struts2 High
CVE-2012-1592 was published for org.apache.struts:struts2-core (Maven) Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database