Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

212 advisories

Loading
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL... Moderate Unreviewed
CVE-2023-49932 was published Feb 29, 2024
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop... Moderate Unreviewed
CVE-2024-3545 was published Apr 9, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or ... High Unreviewed
CVE-2024-10458 was published Oct 29, 2024
Access Control Bypass in Spring Security Critical
CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven) Jul 19, 2023
bbossola furti
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions ... High Unreviewed
CVE-2022-38473 was published Dec 22, 2022
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated... Moderate Unreviewed
CVE-2024-9333 was published Oct 2, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-44188 was published Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-40859 was published Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2024-44149 was published Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2024-40770 was published Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-27858 was published Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-40831 was published Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2024-27795 was published Sep 17, 2024
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Ansible Arbitrary File Overwrite Vulnerability Moderate
CVE-2013-4260 was published for ansible (pip) May 14, 2022
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a... Moderate Unreviewed
CVE-2024-33892 was published Aug 2, 2024
Improperly calculated effective permissions in M-Files Server versions 23.9 and 23.10 and 23.11... Moderate Unreviewed
CVE-2023-6239 was published Nov 28, 2023
Anope before 2.0.15 does not prevent resetting the password of a suspended account. Moderate Unreviewed
CVE-2024-30187 was published Mar 25, 2024
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
A non-admin user can change or remove important features within the Zabbix Agent application,... Moderate Unreviewed
CVE-2024-22121 was published Aug 12, 2024
User with no permission to any of the Hosts can access and view host count & other statistics... Moderate Unreviewed
CVE-2024-22114 was published Aug 12, 2024
SpiceDB exclusions can result in no permission returned when permission expected Low
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin... High Unreviewed
CVE-2024-23464 was published Aug 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database