Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,476 advisories

Loading
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g.,... High Unreviewed
CVE-2021-27963 was published May 24, 2022
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked... Moderate Unreviewed
CVE-2021-25768 was published May 24, 2022
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to... Moderate Unreviewed
CVE-2021-30487 was published May 24, 2022
In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of... High Unreviewed
CVE-2021-0390 was published May 24, 2022
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt... Low Unreviewed
CVE-2019-18899 was published May 24, 2022
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited... High Unreviewed
CVE-2021-27445 was published Dec 22, 2021
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for... Moderate Unreviewed
CVE-2021-25775 was published May 24, 2022
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. Moderate Unreviewed
CVE-2021-25778 was published May 24, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Moderate
CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on... High Unreviewed
CVE-2018-4028 was published May 24, 2022
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An... Moderate Unreviewed
CVE-2021-27760 was published May 7, 2022
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access... High Unreviewed
CVE-2021-43359 was published Dec 2, 2021
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of... High Unreviewed
CVE-2018-4050 was published May 13, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1 Credited to jhutchings1
In SonicWall SonicOS, administrators without full permissions can download imported certificates.... Moderate Unreviewed
CVE-2018-9867 was published May 13, 2022
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the... Moderate Unreviewed
CVE-2022-45304 was published Nov 29, 2022
Incorrect Permission Assignment for Critical Resource in NPM High
CVE-2018-7408 was published for npm (npm) May 13, 2022
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the... Moderate Unreviewed
CVE-2022-45301 was published Nov 29, 2022
An exploitable local privilege elevation vulnerability exists in the file system permissions of... High Unreviewed
CVE-2018-4049 was published May 13, 2022
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of... Moderate Unreviewed
CVE-2018-4051 was published May 13, 2022
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed
CVE-2021-35248 was published Dec 21, 2021
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all... Moderate Unreviewed
CVE-2022-45306 was published Nov 29, 2022
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the... Moderate Unreviewed
CVE-2022-45305 was published Nov 29, 2022
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the... Moderate Unreviewed
CVE-2022-45307 was published Nov 29, 2022
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11... High Unreviewed
CVE-2021-20264 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database