GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
200 advisories
Filter by severity
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a...
High
Unreviewed
CVE-2023-28161
was published
Jun 2, 2023
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web...
High
Unreviewed
CVE-2023-31923
was published
May 22, 2023
Remote code execution in Voyager
Critical
CVE-2020-36070
was published
for
tcg/voyager
(Composer)
Apr 26, 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders...
Critical
Unreviewed
CVE-2021-33990
was published
Apr 16, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Low
CVE-2023-25809
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
vantage6 vulnerable to Improper Preservation of Permissions
Moderate
CVE-2023-22738
was published
for
vantage6
(pip)
Feb 28, 2023
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this...
High
Unreviewed
CVE-2022-48295
was published
Feb 9, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this...
Moderate
Unreviewed
CVE-2022-48296
was published
Feb 9, 2023
The bundle management module lacks permission verification in some APIs. Successful exploitation...
High
Unreviewed
CVE-2022-48301
was published
Feb 9, 2023
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web...
High
Unreviewed
CVE-2020-18329
was published
Jan 26, 2023
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions ...
High
Unreviewed
CVE-2022-38473
was published
Dec 22, 2022
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to...
Moderate
Unreviewed
CVE-2022-4326
was published
Dec 21, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not...
Moderate
Unreviewed
CVE-2022-47547
was published
Dec 19, 2022
AList vulnerable to Improper Preservation of Permissions
High
CVE-2022-45968
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration...
High
Unreviewed
CVE-2022-31608
was published
Nov 19, 2022
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and...
High
Unreviewed
CVE-2021-45446
was published
Nov 2, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
Moderate
CVE-2022-44020
was published
for
sushy-tools
(pip)
Oct 30, 2022
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access...
Moderate
Unreviewed
CVE-2022-41708
was published
Oct 20, 2022
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate...
High
Unreviewed
CVE-2020-12744
was published
Oct 20, 2022
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in...
High
Unreviewed
CVE-2019-14841
was published
Oct 17, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile...
High
Unreviewed
CVE-2022-38577
was published
Sep 20, 2022
Shopware access control list bypassed via crafted specific URLs
Moderate
CVE-2022-36102
was published
for
shopware/shopware
(Composer)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API