Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,969
Erlang
39
GitHub Actions
38
Go
2,620
Maven
5,000+
npm
4,255
NuGet
760
pip
4,043
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

157 advisories

Loading
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-7jp2-5h22-m432 was published for auth0/symfony (Composer) Oct 1, 2025
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import Low
GHSA-w22c-pw5m-482x was published for auth0/wordpress (Composer) Oct 1, 2025
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-hjfh-5jmm-xr24 was published for auth0/login (Composer) Oct 1, 2025
Badaso CMS file upload vulnerability High
CVE-2025-52353 was published for badaso/core (Composer) Aug 26, 2025
UnoPim vulnerable to remote code execution through Arbitrary File upload High
CVE-2025-55743 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks
Credited to vintagesucks
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
Cyber-Wo0dy
Credited to Cyber-Wo0dy
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer Moderate
CVE-2025-47939 was published for typo3/cms-core (Composer) May 20, 2025
0xHamy ohader
Credited to 0xHamy and ohader
ShowDoc unrestricted file upload vulnerability Critical
CVE-2025-0520 was published for showdoc/showdoc (Composer) Apr 29, 2025
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
MODX Revolution allows overwriting .htaccess High
CVE-2017-9069 was published for modx/revolution (Composer) May 17, 2022
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024 withdrawn
zoglo
Credited to zoglo
TYPO3 doesn't properly check file extensions High
CVE-2013-4250 was published for typo3/cms (Composer) May 17, 2022
REDAXO allows Arbitrary File Upload in the mediapool page Moderate
CVE-2025-27411 was published for redaxo/source (Composer) Mar 5, 2025
0xadik
Credited to 0xadik
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8114 was published for magento/community-edition (Composer) May 24, 2022
DevDojo Voyager Arbitrary File Write Moderate
CVE-2024-55417 was published for tcg/voyager (Composer) Jan 30, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Credited to minhnq1618
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database