GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
DotVVM: Unrestricted file upload
Moderate
GHSA-2rm3-333w-xvc4
was published
for
DotVVM
(NuGet)
Jun 19, 2026
Strapi Upload Plugin MIME Validation Bypass via Content API
Moderate
CVE-2026-22707
was published
for
@strapi/upload
(npm)
May 14, 2026
FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
Moderate
CVE-2026-42879
was published
for
facturascripts/facturascripts
(Composer)
May 7, 2026
pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
Moderate
CVE-2026-3219
was published
for
pip
(pip)
Apr 20, 2026
Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
Moderate
GHSA-69hx-63pv-f8f4
was published
for
github.com/lin-snow/ech0
(Go)
Apr 10, 2026
OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk
Moderate
CVE-2026-41408
was published
for
openclaw
(npm)
Apr 7, 2026
c2cciutils affected by CVE-2022-40896
Moderate
GHSA-qc22-xmq4-qg46
was published
for
c2cciutils
(pip)
Apr 1, 2026
Go Images vulnerable to an out-of-memory error via a crafted TIFF file
Moderate
CVE-2026-33809
was published
for
golang.org/x/image
(Go)
Mar 25, 2026
Umbraco CMS has an arbitrary file upload vulnerability
Moderate
CVE-2025-67288
was published
for
Umbraco.Cms
(NuGet)
Dec 22, 2025
DNN CKEditor Provider allows unauthenticated upload out-of-the-box
Moderate
CVE-2025-62802
was published
for
Dnn.Platform
(NuGet)
Oct 29, 2025
Vaadin Platform possible file bypass via upload validation on the server-side
Moderate
GHSA-c7v7-rqfm-f44j
was published
for
com.vaadin:vaadin
(Maven)
Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side
Moderate
GHSA-94g8-xv23-7656
was published
for
com.vaadin:vaadin-upload-flow
(Maven)
Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side
Moderate
CVE-2025-9467
was published
for
com.vaadin:vaadin-server
(Maven)
Sep 4, 2025
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability
Moderate
CVE-2025-56236
was published
for
FormCMS
(NuGet)
Aug 28, 2025
Liferay Portal allows unrestricted upload of file in the style books component
Moderate
CVE-2025-43766
was published
for
com.liferay:com.liferay.style.book.web
(Maven)
Aug 23, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions
Moderate
CVE-2025-49222
was published
for
github.com/mattermost/mattermost-server
(Go)
Aug 21, 2025
Liferay Portal Unvalidated File Upload
Moderate
CVE-2025-43750
was published
for
com.liferay:com.liferay.dynamic.data.mapping.form.web
(Maven)
Aug 20, 2025
MoonShine Arbitrary File Upload Vulnerability
Moderate
CVE-2025-51489
was published
for
moonshine/moonshine
(Composer)
Aug 19, 2025
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
Moderate
CVE-2025-48953
was published
for
Umbraco.Cms
(NuGet)
Jun 4, 2025
Erupt Unrestricted Upload of File with Dangerous Type vulnerability
Moderate
CVE-2025-45855
was published
for
xyz.erupt:erupt
(Maven)
Jun 3, 2025
Gradio Allows Unauthorized File Copy via Path Manipulation
Moderate
CVE-2025-48889
was published
for
gradio
(pip)
May 29, 2025
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
Moderate
CVE-2025-47939
was published
for
typo3/cms-core
(Composer)
May 20, 2025
REDAXO allows Arbitrary File Upload in the mediapool page
Moderate
CVE-2025-27411
was published
for
redaxo/source
(Composer)
Mar 5, 2025
DevDojo Voyager Arbitrary File Write
Moderate
CVE-2024-55417
was published
for
tcg/voyager
(Composer)
Jan 30, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders
Moderate
CVE-2024-56515
was published
for
github.com/t2bot/matrix-media-repo
(Go)
Jan 16, 2025
ProTip!
Advisories are also available from the
GraphQL API