Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,494
Maven
5,000+
npm
4,129
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-56236 was published for FormCMS (NuGet) Aug 28, 2025
Liferay Portal allows unrestricted upload of file in the style books component Moderate
CVE-2025-43766 was published for com.liferay:com.liferay.style.book.web (Maven) Aug 23, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Liferay Portal Unvalidated File Upload Moderate
CVE-2025-43750 was published for com.liferay:com.liferay.dynamic.data.mapping.form.web (Maven) Aug 20, 2025
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads Moderate
CVE-2025-48953 was published for Umbraco.Cms (NuGet) Jun 4, 2025
00mpal00mpa
Erupt Unrestricted Upload of File with Dangerous Type vulnerability Moderate
CVE-2025-45855 was published for xyz.erupt:erupt (Maven) Jun 3, 2025
Gradio Allows Unauthorized File Copy via Path Manipulation Moderate
CVE-2025-48889 was published for gradio (pip) May 29, 2025
jjjutla nkoorty
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer Moderate
CVE-2025-47939 was published for typo3/cms-core (Composer) May 20, 2025
0xHamy ohader
REDAXO allows Arbitrary File Upload in the mediapool page Moderate
CVE-2025-27411 was published for redaxo/source (Composer) Mar 5, 2025
0xadik
DevDojo Voyager Arbitrary File Write Moderate
CVE-2024-55417 was published for tcg/voyager (Composer) Jan 30, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
FeehiCMS User[avatar] unrestricted upload Moderate
CVE-2024-8296 was published for feehi/cms (Composer) Aug 29, 2024
FeehiCMS file upload vulnerability Moderate
CVE-2024-8294 was published for feehi/cms (Composer) Aug 29, 2024
FeehiCMS BannerForm[img] unrestricted upload Moderate
CVE-2024-8295 was published for feehi/cms (Composer) Aug 29, 2024
Drupal Malicious file upload with filenames stating with dot Moderate
GHSA-58xv-7h9r-mx3c was published for drupal/drupal (Composer) May 15, 2024
Drupal core unrestricted file upload Moderate
GHSA-7gwj-7fhm-vw4w was published for drupal/core (Composer) May 15, 2024
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
PsiTransfer: File integrity violation Moderate
CVE-2024-31454 was published for psitransfer (npm) Apr 5, 2024
onelovegg1
PsiTransfer: Violation of the integrity of file distribution Moderate
CVE-2024-31453 was published for psitransfer (npm) Apr 5, 2024
onelovegg1
VvvebJs Arbitrary File Upload vulnerability Moderate
CVE-2024-29272 was published for vvvebJs (npm) Mar 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database