Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,362
Erlang
33
GitHub Actions
22
Go
2,131
Maven
5,000+
npm
3,795
NuGet
686
pip
3,473
Pub
12
RubyGems
896
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

272 advisories

Loading
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x... Moderate Unreviewed
CVE-2019-6995 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before... Moderate Unreviewed
CVE-2019-6791 was published May 24, 2022
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get... Low Unreviewed
CVE-2024-22177 was published Apr 2, 2024
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege... High Unreviewed
CVE-2021-45008 was published Feb 22, 2022
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through... Moderate Unreviewed
CVE-2024-21816 was published Mar 4, 2024
Smarty Does Not Consider Umask Values When Setting Permissions Moderate
CVE-2009-5054 was published for smarty/smarty (Composer) May 2, 2022
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,... Moderate Unreviewed
CVE-2024-0674 was published Jan 30, 2024
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and... Moderate Unreviewed
CVE-2002-2323 was published Apr 30, 2022
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories... Moderate Unreviewed
CVE-2001-1515 was published Apr 30, 2022
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the... Moderate Unreviewed
CVE-2005-1920 was published May 1, 2022
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world... Low Unreviewed
CVE-2001-0195 was published Apr 30, 2022
Improper Preservation of Permissions in etcd Moderate
CVE-2020-15113 was published for github.com/etcd-io/etcd (Go) Jan 30, 2024
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin High
CVE-2023-41939 was published for org.jenkins-ci.plugins:ssh2easy (Maven) Sep 6, 2023
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file... Moderate Unreviewed
CVE-2020-16910 was published May 24, 2022
Missing permission check in Jenkins Support Core Plugin Moderate
CVE-2019-16539 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote... Critical Unreviewed
CVE-2023-47463 was published Nov 30, 2023
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write... High Unreviewed
CVE-2023-43612 was published Nov 20, 2023
Remote code execution in Voyager Critical
CVE-2020-36070 was published for tcg/voyager (Composer) Apr 26, 2023
Netskope was made aware of a security vulnerability in its NSClient product for version 100 &... Moderate Unreviewed
CVE-2023-4996 was published Nov 6, 2023
OpenSearch Issue with tenant read-only permissions Moderate
CVE-2023-45807 was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
tdunlap607
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration... High Unreviewed
CVE-2022-31608 was published Nov 19, 2022
Jython Improper Access Restrictions vulnerability Moderate
CVE-2013-2027 was published for org.python:jython-standalone (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2021-22137 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
joshbressers
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database