Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
Budibase: Unrestricted Upload of File with Dangerous Type High
CVE-2026-46426 was published for budibase (npm) May 19, 2026
da7om85 Credited to da7om85
Flowise: File Upload Validation Bypass in createAttachment High
CVE-2026-41269 was published for flowise (npm) Apr 16, 2026
quirmz Credited to quirmz
AntAISecurityLab Credited to AntAISecurityLab
Flowise has Arbitrary File Upload via MIME Spoofing High
CVE-2026-30821 was published for flowise (npm) Mar 6, 2026
im-soohyun Credited to im-soohyun
TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution High
CVE-2026-29186 was published for @backstage/plugin-techdocs-node (npm) Mar 5, 2026
FUXA contains an Unrestricted File Upload vulnerability High
CVE-2025-69981 was published for fuxa-server (npm) Feb 3, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload High
CVE-2026-24769 was published for nocodb (npm) Jan 28, 2026
p- Credited to p-
FlowiseAI/Flosise has File Upload vulnerability High
CVE-2025-61687 was published for flowise (npm) Oct 8, 2025
im-soohyun Credited to im-soohyun
N8N's Chat Trigger component is vulnerable to XSS High
CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) Sep 8, 2025
FlowiseAI Flowise arbitrary file upload vulnerability High
CVE-2025-26319 was published for flowise (npm) Mar 5, 2025
Connect-Multiparty allows arbitrary file upload High
CVE-2022-29623 was published for connect-multiparty (npm) May 17, 2022
express-cart unrestricted file upload vulnerability High
CVE-2018-3758 was published for express-cart (npm) May 13, 2022
Express-FileUpload Arbitrary File Overwrite High
CVE-2022-27261 was published for express-fileupload (npm) Apr 13, 2022
ProTip! Advisories are also available from the GraphQL API