GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,476 advisories
Information Disclosure in Guava
Low • CVE-2020-8908 was published for com.google.guava:guava (Maven) • Mar 25, 2021

Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an...
Moderate • Unreviewed • CVE-2024-11176 was published • Nov 20, 2024

Kata Container to Guest micro VM privilege escalation
Moderate • CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) • Feb 19, 2026

IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system...
High • Unreviewed • CVE-2025-33088 was published • Feb 18, 2026

Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
Moderate • Unreviewed • CVE-2026-1344 was published • Feb 18, 2026

Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system...
High • Unreviewed • CVE-2026-23648 was published • Feb 17, 2026

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to...
High • Unreviewed • CVE-2019-25343 was published • Feb 12, 2026

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local...
High • Unreviewed • CVE-2019-25344 was published • Feb 12, 2026

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to...
High • Unreviewed • CVE-2025-61969 was published • Feb 11, 2026

Incorrect permission assignment for critical resource for some System Firmware Update Utility ...
Moderate • Unreviewed • CVE-2025-35999 was published • Feb 10, 2026

Below has Incorrect Permission Assignment for Critical Resource
High • CVE-2025-27591 was published for below (Rust) • Mar 11, 2025

Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High • CVE-2026-0775 was published for npm (npm) • Jan 23, 2026 • withdrawn

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in...
Moderate • Unreviewed • CVE-2025-14740 was published • Feb 4, 2026

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended...
Moderate • Unreviewed • CVE-2025-52627 was published • Feb 3, 2026

express-cart allows any user to create an admin user
High • CVE-2018-12457 was published for express-cart (npm) • May 13, 2022

A security issue has been identified in ibaPDA that could allow unauthorized actions on the file...
Critical • Unreviewed • CVE-2025-14988 was published • Jan 27, 2026

WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated...
High • Unreviewed • CVE-2020-36938 was published • Jan 27, 2026

pnpm has Path Traversal via arbitrary file permission modification
Moderate • CVE-2026-24131 was published for pnpm (npm) • Jan 26, 2026

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10,...
Moderate • Unreviewed • CVE-2026-22280 was published • Jan 22, 2026

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could...
Moderate • Unreviewed • CVE-2026-20092 was published • Jan 21, 2026

IBM Licensing Operator incorrectly assigns privileges to security critical files which could...
High • Unreviewed • CVE-2025-12985 was published • Jan 20, 2026

Grafana world readable configuration files
High • CVE-2020-12459 was published for github.com/grafana/grafana (Go) • May 24, 2022

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that...
High • Unreviewed • CVE-2021-47756 was published • Jan 16, 2026

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon...
Moderate • Unreviewed • CVE-2025-59961 was published • Jan 15, 2026

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their...
High • Unreviewed • CVE-2025-13733 was published • Dec 12, 2025