Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables... Moderate Unreviewed
CVE-2023-2818 was published Jun 27, 2023
A valid, authenticated user with limited privileges may be able to use specifically crafted web... Moderate Unreviewed
CVE-2023-2993 was published Jun 26, 2023
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
vantage6 vulnerable to Improper Preservation of Permissions Moderate
CVE-2023-22738 was published for vantage6 (pip) Feb 28, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this... Moderate Unreviewed
CVE-2022-48296 was published Feb 9, 2023
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to... Moderate Unreviewed
CVE-2022-4326 was published Dec 21, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not... Moderate Unreviewed
CVE-2022-47547 was published Dec 19, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions Moderate
CVE-2022-44020 was published for sushy-tools (pip) Oct 30, 2022
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access... Moderate Unreviewed
CVE-2022-41708 was published Oct 20, 2022
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
Shopware access control list bypassed via crafted specific URLs Moderate
CVE-2022-36102 was published for shopware/shopware (Composer) Sep 16, 2022
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of... Moderate Unreviewed
CVE-2022-2787 was published Aug 28, 2022
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because... Moderate Unreviewed
CVE-2022-32969 was published Jun 30, 2022
Improper validation of permissions for third party application accessing Telephony service API... Moderate Unreviewed
CVE-2021-35079 was published Jun 15, 2022
The communication module has a vulnerability of improper permission preservation. Successful... Moderate Unreviewed
CVE-2022-31755 was published Jun 14, 2022
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with... Moderate Unreviewed
CVE-2021-39897 was published May 24, 2022
In updateNotification of BeamTransferManager.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-0542 was published May 24, 2022
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker... Moderate Unreviewed
CVE-2021-22382 was published May 24, 2022
A ZTE product has an information leak vulnerability. Due to improper permission settings, an... Moderate Unreviewed
CVE-2021-21735 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2021-22137 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
joshbressers
If certificates that signed grub are installed into db, grub can be booted directly. It will then... Moderate Unreviewed
CVE-2021-3418 was published May 24, 2022
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC... Moderate Unreviewed
CVE-2021-23963 was published May 24, 2022
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow... Moderate Unreviewed
CVE-2020-12353 was published May 24, 2022
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file... Moderate Unreviewed
CVE-2020-16910 was published May 24, 2022
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a... Moderate Unreviewed
CVE-2020-6564 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database