Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload Low
CVE-2026-33221 was published for github.com/nhost/nhost (Go) Mar 18, 2026
0xkakash1 Credited to 0xkakash1
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload... Low Unreviewed
CVE-2025-36183 was published Feb 18, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and... Low Unreviewed
CVE-2026-1791 was published Feb 4, 2026
Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS) Low
CVE-2025-70849 was published for github.com/stefanprodan/podinfo (Go) Feb 3, 2026
stefanprodan Credited to stefanprodan
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file... Low Unreviewed
CVE-2025-55251 was published Jan 19, 2026
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version... Low Unreviewed
CVE-2025-24862 was published Nov 11, 2025
Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger... Low Unreviewed
CVE-2025-42883 was published Nov 11, 2025
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple... Low Unreviewed
CVE-2025-63678 was published Nov 11, 2025
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-7jp2-5h22-m432 was published for auth0/symfony (Composer) Oct 1, 2025
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import Low
GHSA-w22c-pw5m-482x was published for auth0/wordpress (Composer) Oct 1, 2025
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-hjfh-5jmm-xr24 was published for auth0/login (Composer) Oct 1, 2025
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via... Low Unreviewed
CVE-2025-55455 was published Aug 22, 2025
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
Cyber-Wo0dy Credited to Cyber-Wo0dy
Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API... Low Unreviewed
CVE-2024-47259 was published Mar 4, 2025
HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts... Low Unreviewed
CVE-2024-42180 was published Jan 13, 2025
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024 withdrawn
zoglo Credited to zoglo
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618 Credited to minhnq1618
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload... Low Unreviewed
CVE-2024-28166 was published Aug 13, 2024
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload... Low Unreviewed
CVE-2024-41731 was published Aug 13, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11... Low Unreviewed
CVE-2024-6595 was published Jul 17, 2024
Due to missing verification of file type or content, SAP Enable Now allows an authenticated... Low Unreviewed
CVE-2024-34692 was published Jul 9, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload... Low Unreviewed
CVE-2023-47711 was published May 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database