Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

217 advisories

Loading
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-gvj8-4cj4-h776 was published for ibexa/core (Composer) Apr 29, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Insecure Permissions in Gogs Moderate
CVE-2020-14958 was published for gogs.io/gogs (Go) May 18, 2021
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure... High Unreviewed
CVE-2022-24618 was published Mar 11, 2022
In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic... High Unreviewed
CVE-2021-39695 was published Mar 17, 2022
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to... High Unreviewed
CVE-2021-39704 was published Mar 17, 2022
In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external... High Unreviewed
CVE-2021-39697 was published Mar 17, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS... Moderate Unreviewed
CVE-2022-22650 was published Mar 19, 2022
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without... High Unreviewed
CVE-2021-0965 was published Dec 16, 2021
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an... High Unreviewed
CVE-2021-1004 was published Dec 16, 2021
In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a... High Unreviewed
CVE-2021-0985 was published Dec 16, 2021
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP... High Unreviewed
CVE-2021-0999 was published Dec 16, 2021
In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine... Moderate Unreviewed
CVE-2021-1025 was published Dec 16, 2021
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-1010 was published Dec 16, 2021
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a... Moderate Unreviewed
CVE-2021-0653 was published Dec 16, 2021
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux... High Unreviewed
CVE-2021-3847 was published Apr 3, 2022
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain... High Unreviewed
CVE-2022-24428 was published Apr 9, 2022
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission... High Unreviewed
CVE-2021-39622 was published Jan 15, 2022
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the... Moderate Unreviewed
CVE-2021-43708 was published Apr 22, 2022
Shopware access control list bypassed via crafted specific URLs Moderate
CVE-2022-36102 was published for shopware/shopware (Composer) Sep 16, 2022
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new ... Low Unreviewed
CVE-2021-20263 was published May 24, 2022
Improper Preservation of Permissions in Apache Struts High
CVE-2019-0233 was published for org.apache.struts:struts2-core (Maven) May 24, 2022
In updateNotification of BeamTransferManager.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-0542 was published May 24, 2022
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. High Unreviewed
CVE-2022-29594 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database