GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

121 advisories

eKuiper /config/uploads API arbitrary file writing may lead to RCE High
GHSA-gj54-gwj9-x2c6 was published for github.com/lf-edge/ekuiper (Go) Jul 3, 2025
yangbh
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan JarLob
Grub4K dirkf rhdesmond
Connect-Multiparty allows arbitrary file upload High
CVE-2022-29623 was published for connect-multiparty (npm) May 17, 2022
MODX Revolution allows overwriting .htaccess High
CVE-2017-9069 was published for modx/revolution (Composer) May 17, 2022
TYPO3 doesn't properly check file extensions High
CVE-2013-4250 was published for typo3/cms (Composer) May 17, 2022
Unrestricted file upload in kiwi TCMS High
CVE-2023-30613 was published for kiwitcms (pip) Apr 24, 2023
mosaa404
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions High
CVE-2024-8060 was published for open-webui (pip) Mar 20, 2025
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets High
CVE-2023-50386 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2024-22393 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8114 was published for magento/community-edition (Composer) May 24, 2022
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
Apache StreamPipes has potential remote code execution (RCE) via file upload High
CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
Automad arbitrary file upload vulnerability High
CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024
marcantondahmen
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej RChutchev
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. High
CVE-2021-40324 was published for cobbler (pip) Oct 5, 2021
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Unrestricted Upload of File with Dangerous Type Apache Tomcat High
CVE-2017-12617 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ