Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,458
Erlang
33
GitHub Actions
22
Go
2,156
Maven
5,000+
npm
3,818
NuGet
693
pip
3,497
Pub
12
RubyGems
903
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

247 advisories

Loading
MLflow Path Traversal Vulnerability High
CVE-2023-6976 was published for mlflow (pip) Dec 20, 2023
ThinkAdmin arbitrary file upload vulnerability High
CVE-2023-48966 was published for zoujingli/thinkadmin (Composer) Dec 4, 2023
Microweber file upload vulnerability High
CVE-2023-49052 was published for microweber/microweber (Composer) Nov 30, 2023
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Guest Entries Remote code execution via file uploads High
CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023
Statamic CMS remote code execution via front-end form uploads High
CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023
Cyber-Wo0dy
ConcreteCMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-44763 was published for concrete5/concrete5 (Composer) Oct 10, 2023
phpMyFAQ allows unrestricted file types in image field Moderate
CVE-2023-5227 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Economizzer remote code execution vulnerability High
CVE-2023-38874 was published for gugoan/economizzer (Composer) Sep 28, 2023
Jenkins temporary uploaded file created with insecure permissions Low
CVE-2023-43497 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
File Upload vulnerability in Dolibarr ERP CRM High
CVE-2023-38887 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Gradio arbitrary file upload vulnerability Moderate
CVE-2023-41626 was published for gradio (pip) Sep 16, 2023
Cockpit CMS arbitrary file upload vulnerability Moderate
CVE-2023-41564 was published for cockpit-hq/cockpit (Composer) Sep 9, 2023
Pygments vulnerable to ReDoS Moderate
CVE-2022-40896 was published for Pygments (pip) Jul 19, 2023
Admidio vulnerable to Unrestricted Upload of File with Dangerous Type Moderate
CVE-2023-3692 was published for admidio/admidio (Composer) Jul 16, 2023
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability Critical
CVE-2023-27602 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
mnqazi MQ-xz
fuadmin vulnerable to insecure file upload Critical
CVE-2023-36097 was published for funadmin/funadmin (Composer) Jun 22, 2023
Liufee CMS File Upload vulnerability Critical
CVE-2020-21489 was published for feehi/cms (Composer) Jun 20, 2023
liufee CMS File Upload vulnerability Critical
CVE-2020-21174 was published for feehi/cms (Composer) Jun 20, 2023
jeecg-boot unrestricted file upload vulnerability Moderate
CVE-2023-34660 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Jun 16, 2023
alist Incorrect Access Control vulnerability High
CVE-2023-33498 was published for github.com/alist-org/alist/v3 (Go) Jun 7, 2023
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database