GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
41 advisories
Budibase: Unrestricted Upload of File with Dangerous Type
High severity. CVE-2026-46426 was published for budibase (npm) on May 19, 2026.
Strapi Upload Plugin MIME Validation Bypass via Content API
Moderate severity. CVE-2026-22707 was published for @strapi/upload (npm) on May 14, 2026.
Flowise: File Upload Validation Bypass in createAttachment
High severity. CVE-2026-41269 was published for flowise (npm) on Apr 16, 2026.
OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk
Moderate severity. CVE-2026-41408 was published for openclaw (npm) on Apr 7, 2026.
OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
High severity. CVE-2026-41397 was published for openclaw (npm) on Apr 3, 2026.
Flowise has Arbitrary File Upload via MIME Spoofing
High severity. CVE-2026-30821 was published for flowise (npm) on Mar 6, 2026.
TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
High severity. CVE-2026-29186 was published for @backstage/plugin-techdocs-node (npm) on Mar 5, 2026.
n8n Merge Node has Arbitrary File Write leading to RCE
Critical severity. CVE-2026-25056 was published for n8n (npm) on Feb 4, 2026.
FUXA contains an Unrestricted File Upload vulnerability
High severity. CVE-2025-69981 was published for fuxa-server (npm) on Feb 3, 2026.
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
High severity. CVE-2026-24769 was published for nocodb (npm) on Jan 28, 2026.
n8n Vulnerable to RCE via Arbitrary File Write
Critical severity. CVE-2026-21877 was published for n8n (npm) on Jan 6, 2026.
FlowiseAI/Flosise has File Upload vulnerability
High severity. CVE-2025-61687 was published for flowise (npm) on Oct 8, 2025.
N8N's Chat Trigger component is vulnerable to XSS
High severity. CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) on Sep 8, 2025.
Flowise Pre-auth Arbitrary File Upload
Critical severity. GHSA-h42x-xx2q-6v6g was published for flowise (npm) on Mar 13, 2025.
FlowiseAI Flowise arbitrary file upload vulnerability
High severity. CVE-2025-26319 was published for flowise (npm) on Mar 5, 2025.
angular-base64-upload vulnerable to unauthenticated remote code execution
Critical severity. CVE-2024-42640 was published for angular-base64-upload (npm) on Oct 11, 2024.
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical severity. CVE-2024-47169 was published for agnai (npm) on Sep 26, 2024.
Jan path traversal vulnerability
Critical severity. CVE-2024-37273 was published for @janhq/core (npm) on Jun 4, 2024.
Jan path traversal vulnerability
Critical severity. CVE-2024-36858 was published for @janhq/core (npm) on Jun 4, 2024.
NocoDB Allows Preview of Files with Dangerous Content
Moderate severity. CVE-2023-50717 was published for nocodb (npm) on May 13, 2024.
PsiTransfer: File integrity violation
Moderate severity. CVE-2024-31454 was published for psitransfer (npm) on Apr 5, 2024.
PsiTransfer: Violation of the integrity of file distribution
Moderate severity. CVE-2024-31453 was published for psitransfer (npm) on Apr 5, 2024.
VvvebJs Arbitrary File Upload vulnerability
Moderate severity. CVE-2024-29272 was published for vvvebJs (npm) on Mar 22, 2024.
Phishing attack vulnerability by uploading malicious HTML file
Moderate severity. CVE-2023-32689 was published for parse-server (npm) on May 31, 2023.
Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate severity. CVE-2022-32114 was published for @strapi/strapi (npm) on Jul 14, 2022.
ProTip! Advisories are also available from the GraphQL API.