GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,111 advisories
Filter by severity
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Drupal core Unrestricted Upload of File with Dangerous Type
High
CVE-2020-13671
was published
for
drupal/core
(Composer)
Oct 12, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
High
CVE-2021-40324
was published
for
cobbler
(pip)
Oct 5, 2021
Arbitrary Code Execution in feehi/cms
High
CVE-2020-21322
was published
for
feehi/cms
(Composer)
Sep 20, 2021
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Arbitrary file upload in Fork CMS
High
CVE-2021-28931
was published
for
forkcms/forkcms
(Composer)
Sep 8, 2021
Unrestricted Upload of File with Dangerous Type in django-widgy
Critical
CVE-2020-18704
was published
for
django-widgy
(pip)
Aug 30, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39149
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
High
CVE-2021-39154
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
Moderate
CVE-2020-9472
was published
for
UmbracoCms
(NuGet)
Aug 2, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
elFinder unsafe upload filtering leading to remote code execution
High
CVE-2021-23394
was published
for
studio-42/elfinder
(Composer)
Jun 15, 2021
Script injection
Moderate
CVE-2021-32660
was published
for
@backstage/techdocs-common
(npm)
Jun 4, 2021
Script injection
Moderate
CVE-2021-32661
was published
for
@backstage/plugin-techdocs
(npm)
Jun 4, 2021
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21351
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21350
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21347
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21346
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an Arbitrary Code Execution attack
Moderate
CVE-2021-21344
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
ProTip!
Advisories are also available from the
GraphQL API