GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,715
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,026 advisories
Filter by severity
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the...
High
Unreviewed
CVE-2021-41652
was published
Mar 3, 2022
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure...
High
Unreviewed
CVE-2022-25943
was published
Mar 10, 2022
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions...
Moderate
Unreviewed
CVE-2021-44216
was published
Mar 11, 2022
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow...
Moderate
Unreviewed
CVE-2021-44215
was published
Mar 11, 2022
There is a permission control vulnerability in the Nearby module. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-40053
was published
Mar 11, 2022
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this...
Moderate
Unreviewed
CVE-2021-40059
was published
Mar 11, 2022
There is a permission control vulnerability in the PMS module. Successful exploitation of this...
High
Unreviewed
CVE-2021-40049
was published
Mar 11, 2022
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with...
Low
Unreviewed
CVE-2021-3981
was published
Mar 11, 2022
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a...
Moderate
Unreviewed
CVE-2021-20269
was published
Mar 11, 2022
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission...
Moderate
Unreviewed
CVE-2021-32006
was published
Mar 11, 2022
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27205
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Missing permission checks in AWS Credentials Plugin
Moderate
CVE-2022-27199
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message...
High
Unreviewed
CVE-2021-39734
was published
Mar 17, 2022
In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials...
High
Unreviewed
CVE-2021-39706
was published
Mar 17, 2022
In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a...
Moderate
Unreviewed
CVE-2021-39705
was published
Mar 17, 2022
In parse of RoleParser.java, there is a possible way for default apps to get permissions...
High
Unreviewed
CVE-2021-39694
was published
Mar 17, 2022
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder...
Moderate
Unreviewed
CVE-2021-22571
was published
Mar 19, 2022
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain...
Moderate
Unreviewed
CVE-2022-25570
was published
Mar 22, 2022
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13...
High
Unreviewed
CVE-2021-44905
was published
Mar 26, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website...
Moderate
Unreviewed
CVE-2021-44751
was published
Mar 26, 2022
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a...
High
Unreviewed
CVE-2021-40904
was published
Mar 27, 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of...
Moderate
Unreviewed
CVE-2022-22948
was published
Mar 30, 2022
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect...
High
Unreviewed
CVE-2022-26839
was published
Mar 30, 2022
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could...
Moderate
Unreviewed
CVE-2021-39779
was published
Mar 31, 2022
In Traceur, there is a possible bypass of developer settings requirements for capturing system...
High
Unreviewed
CVE-2021-39780
was published
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API