GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
574 advisories
Filter by severity
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default...
High
Unreviewed
CVE-2021-23244
was published
Dec 28, 2021
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition...
High
Unreviewed
CVE-2021-20874
was published
Dec 25, 2021
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited...
High
Unreviewed
CVE-2021-27445
was published
Dec 22, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE...
High
Unreviewed
CVE-2021-42309
was published
Dec 16, 2021
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This...
High
Unreviewed
CVE-2021-0904
was published
Dec 16, 2021
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a...
High
Unreviewed
CVE-2021-44512
was published
Dec 8, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file...
High
Unreviewed
CVE-2021-43034
was published
Dec 7, 2021
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access...
High
Unreviewed
CVE-2021-43359
was published
Dec 2, 2021
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to...
High
Unreviewed
CVE-2021-40101
was published
Dec 1, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation...
High
Unreviewed
CVE-2021-43019
was published
Nov 24, 2021
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for...
High
Unreviewed
CVE-2021-0064
was published
Nov 18, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
Incorrect Permission Assignment for Critical Resource in Node
High
Unreviewed
CVE-2021-22921
was published
Jul 13, 2021
Code injection in Apache Druid
High
CVE-2021-25646
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
High
CVE-2019-18409
was published
for
ruby_parser-legacy
(RubyGems)
Oct 25, 2019
High severity vulnerability that affects org.scala-lang:scala-compiler
High
CVE-2017-15288
was published
for
org.scala-lang:scala-compiler
(Maven)
Oct 19, 2018
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
Doorkeeper subject to Incorrect Permission Assignment
High
CVE-2018-1000211
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
Mercurial has Incorrect Permission Assignment for Critical Resource
High
CVE-2017-9462
was published
for
mercurial
(pip)
Jul 13, 2018
ProTip!
Advisories are also available from the
GraphQL API