Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
carbon-apimgt does not properly restrict uploaded files Critical
CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Credited to chximn-dt
MCMS allows arbitrary file uploads in the ueditor component Critical
CVE-2025-29287 was published for net.mingsoft:ms-mcms (Maven) Apr 21, 2025
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache Linkis Unrestricted File Upload vulnerability Critical
CVE-2023-27602 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Jeecg-Boot CMS arbitrary file upload vulnerability Critical
CVE-2020-28088 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) May 24, 2022
Arbitrary file upload in Mingsoft MCMS Critical
CVE-2022-23315 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
Arbitrary File Upload in Mingsoft MCMS Critical
CVE-2022-22929 was published for net.mingsoft:ms-mcms (Maven) Jan 22, 2022
File upload leading to RCE in MCMS Critical
CVE-2021-46036 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022
Dataease v1.11.1 SQL Injection via parameter dataSourceId Critical
CVE-2022-34115 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Mingsoft MCMS vulnerable to Remote Code Execution via file upload. Critical
CVE-2021-46386 was published for net.mingsoft:ms-mcms (Maven) Jan 27, 2022
Unrestricted Upload of File with Dangerous Type in MCMS Critical
CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms Critical
CVE-2018-18830 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Unrestricted upload of file with dangerous type in Apache Solr Critical
CVE-2019-12409 was published for org.apache.solr:solr-core (Maven) Jan 28, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database