Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

200 advisories

Loading
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of... Moderate Unreviewed
CVE-2022-2787 was published Aug 28, 2022
A flaw was found in satellite. When giving granular permission related to the organization, other... High Unreviewed
CVE-2021-3414 was published Aug 27, 2022
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an... Low Unreviewed
CVE-2022-31237 was published Aug 23, 2022
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to... High Unreviewed
CVE-2022-31262 was published Aug 18, 2022
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes... High Unreviewed
CVE-2022-22472 was published Jul 1, 2022
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because... Moderate Unreviewed
CVE-2022-32969 was published Jun 30, 2022
Improper validation of permissions for third party application accessing Telephony service API... Moderate Unreviewed
CVE-2021-35079 was published Jun 15, 2022
The communication module has a vulnerability of improper permission preservation. Successful... Moderate Unreviewed
CVE-2022-31755 was published Jun 14, 2022
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. High Unreviewed
CVE-2022-29594 was published Jun 3, 2022
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with... Moderate Unreviewed
CVE-2021-39897 was published May 24, 2022
A permissions issue existed. This issue was addressed with improved permission validation. This... High Unreviewed
CVE-2021-30827 was published May 24, 2022
If a user had granted a permission to a webpage and saved that grant, any webpage running on the... Critical Unreviewed
CVE-2021-29971 was published May 24, 2022
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service... High Unreviewed
CVE-2021-32465 was published May 24, 2022
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to... High Unreviewed
CVE-2020-15496 was published May 24, 2022
In updateNotification of BeamTransferManager.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-0542 was published May 24, 2022
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker... Moderate Unreviewed
CVE-2021-22382 was published May 24, 2022
A ZTE product has an information leak vulnerability. Due to improper permission settings, an... Moderate Unreviewed
CVE-2021-21735 was published May 24, 2022
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability... High Unreviewed
CVE-2020-27383 was published May 24, 2022
Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before... High Unreviewed
CVE-2021-0077 was published May 24, 2022
Improper permissions in the installer for the Intel(R) Computing Improvement Program software... High Unreviewed
CVE-2021-0074 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2021-22137 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
joshbressers
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly High Unreviewed
CVE-2021-30482 was published May 24, 2022
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which... Critical Unreviewed
CVE-2020-18890 was published May 24, 2022
If certificates that signed grub are installed into db, grub can be booted directly. It will then... Moderate Unreviewed
CVE-2021-3418 was published May 24, 2022
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new ... Low Unreviewed
CVE-2021-20263 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API