Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

213 advisories

Loading
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to... Moderate Unreviewed
CVE-2022-4326 was published Dec 21, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not... Moderate Unreviewed
CVE-2022-47547 was published Dec 19, 2022
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration... High Unreviewed
CVE-2022-31608 was published Nov 19, 2022
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and... High Unreviewed
CVE-2021-45446 was published Nov 2, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions Moderate
CVE-2022-44020 was published for sushy-tools (pip) Oct 30, 2022
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access... Moderate Unreviewed
CVE-2022-41708 was published Oct 20, 2022
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate... High Unreviewed
CVE-2020-12744 was published Oct 20, 2022
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in... High Unreviewed
CVE-2019-14841 was published Oct 17, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile... High Unreviewed
CVE-2022-38577 was published Sep 20, 2022
Shopware access control list bypassed via crafted specific URLs Moderate
CVE-2022-36102 was published for shopware/shopware (Composer) Sep 16, 2022
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of... Moderate Unreviewed
CVE-2022-2787 was published Aug 28, 2022
A flaw was found in satellite. When giving granular permission related to the organization, other... High Unreviewed
CVE-2021-3414 was published Aug 27, 2022
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an... Low Unreviewed
CVE-2022-31237 was published Aug 23, 2022
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to... High Unreviewed
CVE-2022-31262 was published Aug 18, 2022
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes... High Unreviewed
CVE-2022-22472 was published Jul 1, 2022
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because... Moderate Unreviewed
CVE-2022-32969 was published Jun 30, 2022
Improper validation of permissions for third party application accessing Telephony service API... Moderate Unreviewed
CVE-2021-35079 was published Jun 15, 2022
The communication module has a vulnerability of improper permission preservation. Successful... Moderate Unreviewed
CVE-2022-31755 was published Jun 14, 2022
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. High Unreviewed
CVE-2022-29594 was published Jun 3, 2022
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with... Moderate Unreviewed
CVE-2021-39897 was published May 24, 2022
A permissions issue existed. This issue was addressed with improved permission validation. This... High Unreviewed
CVE-2021-30827 was published May 24, 2022
If a user had granted a permission to a webpage and saved that grant, any webpage running on the... Critical Unreviewed
CVE-2021-29971 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database