Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,789
NuGet
825
pip
4,385
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Badaso CMS file upload vulnerability High
CVE-2025-52353 was published for badaso/core (Composer) Aug 26, 2025
Liferay Portal allows unrestricted upload of file in the style books component Moderate
CVE-2025-43766 was published for com.liferay:com.liferay.style.book.web (Maven) Aug 23, 2025
UnoPim vulnerable to remote code execution through Arbitrary File upload High
CVE-2025-55743 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7 Credited to sn1p3rt3s7
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Liferay Portal Unvalidated File Upload Moderate
CVE-2025-43750 was published for com.liferay:com.liferay.dynamic.data.mapping.form.web (Maven) Aug 20, 2025
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks Credited to vintagesucks
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm Credited to tlm, wallyworld, hpidcock, Fedqys, and setharnold wallyworld wallyworld
hpidcock hpidcock Fedqys Fedqys setharnold setharnold
eKuiper /config/uploads API arbitrary file writing may lead to RCE High
GHSA-gj54-gwj9-x2c6 was published for github.com/lf-edge/ekuiper (Go) Jul 3, 2025
yangbh Credited to yangbh
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads Moderate
CVE-2025-48953 was published for Umbraco.Cms (NuGet) Jun 4, 2025
00mpal00mpa Credited to 00mpal00mpa
Erupt Unrestricted Upload of File with Dangerous Type vulnerability Moderate
CVE-2025-45855 was published for xyz.erupt:erupt (Maven) Jun 3, 2025
Gradio Allows Unauthorized File Copy via Path Manipulation Moderate
CVE-2025-48889 was published for gradio (pip) May 29, 2025
jjjutla Credited to jjjutla, nkoorty, and pventuzelo nkoorty nkoorty
pventuzelo pventuzelo
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer Moderate
CVE-2025-47939 was published for typo3/cms-core (Composer) May 20, 2025
0xHamy Credited to 0xHamy and ohader ohader ohader
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
Cyber-Wo0dy Credited to Cyber-Wo0dy
ShowDoc unrestricted file upload vulnerability Critical
CVE-2025-0520 was published for showdoc/showdoc (Composer) Apr 29, 2025
MCMS allows arbitrary file uploads in the ueditor component Critical
CVE-2025-29287 was published for net.mingsoft:ms-mcms (Maven) Apr 21, 2025
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan Credited to pukkandan, JarLob, Grub4K, dirkf, and rhdesmond JarLob JarLob
Grub4K Grub4K dirkf dirkf rhdesmond rhdesmond
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions High
CVE-2024-8060 was published for open-webui (pip) Mar 20, 2025
PyTorch Lightning path traversal vulnerability Critical
CVE-2024-8019 was published for pytorch-lightning (pip) Mar 20, 2025
DB-GPT Arbitrary File Write vulnerability Critical
CVE-2024-10901 was published for dbgpt (pip) Mar 20, 2025
Flowise Pre-auth Arbitrary File Upload Critical
GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025
dorattias Credited to dorattias
REDAXO allows Arbitrary File Upload in the mediapool page Moderate
CVE-2025-27411 was published for redaxo/source (Composer) Mar 5, 2025
0xadik Credited to 0xadik
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database