Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

200 advisories

Loading
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for... Moderate Unreviewed
CVE-2018-3762 was published May 13, 2022
Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows... High Unreviewed
CVE-2017-8561 was published May 13, 2022
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x... Low Unreviewed
CVE-2013-6335 was published May 13, 2022
Smarty Does Not Consider Umask Values When Setting Permissions Moderate
CVE-2009-5054 was published for smarty/smarty (Composer) May 2, 2022
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the... Moderate Unreviewed
CVE-2005-1920 was published May 1, 2022
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and... Moderate Unreviewed
CVE-2002-2323 was published Apr 30, 2022
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories... Moderate Unreviewed
CVE-2001-1515 was published Apr 30, 2022
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world... Low Unreviewed
CVE-2001-0195 was published Apr 30, 2022
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for... Moderate Unreviewed
CVE-2017-5033 was published Apr 30, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-gvj8-4cj4-h776 was published for ibexa/core (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
tdunlap607
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified... High Unreviewed
CVE-2021-3523 was published Apr 28, 2022
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the... Moderate Unreviewed
CVE-2021-43708 was published Apr 22, 2022
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain... High Unreviewed
CVE-2022-24428 was published Apr 9, 2022
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux... High Unreviewed
CVE-2021-3847 was published Apr 3, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin Moderate
CVE-2022-28147 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS... Moderate Unreviewed
CVE-2022-22650 was published Mar 19, 2022
In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external... High Unreviewed
CVE-2021-39697 was published Mar 17, 2022
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to... High Unreviewed
CVE-2021-39704 was published Mar 17, 2022
In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic... High Unreviewed
CVE-2021-39695 was published Mar 17, 2022
Missing permission checks in Jenkins Release Helper Plugin Moderate
CVE-2022-27215 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure... High Unreviewed
CVE-2022-24618 was published Mar 11, 2022
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege... High Unreviewed
CVE-2021-45008 was published Feb 22, 2022
ProTip! Advisories are also available from the GraphQL API