Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,476 advisories

Loading
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical... High Unreviewed
CVE-2019-4702 was published May 24, 2022
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file... High Unreviewed
CVE-2025-50675 was published Aug 7, 2025
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime... High Unreviewed
CVE-2025-41659 was published Aug 4, 2025
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest... Moderate Unreviewed
CVE-2025-23285 was published Aug 3, 2025
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view... Critical Unreviewed
CVE-2025-45150 was published Aug 1, 2025
Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a... Critical Unreviewed
CVE-2014-125121 was published Jul 31, 2025
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows... High Unreviewed
CVE-2023-35841 was published May 14, 2024
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive... Moderate Unreviewed
CVE-2025-36104 was published Jul 12, 2025
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker... Critical Unreviewed
CVE-2017-20198 was published Jul 23, 2025
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if... Moderate Unreviewed
CVE-2023-39338 was published Jul 12, 2025
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build... Low Unreviewed
CVE-2025-52992 was published Jun 27, 2025
Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper... Moderate Unreviewed
CVE-2025-5995 was published Jun 26, 2025
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of... High Unreviewed
CVE-2025-36537 was published Jun 26, 2025
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with... Moderate Unreviewed
CVE-2024-11584 was published Jun 26, 2025
Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command. Moderate Unreviewed
CVE-2025-52923 was published Jun 22, 2025
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign... Critical Unreviewed
CVE-2020-36770 was published Jan 15, 2024
A vulnerability was found in logrotate in how the state file is created. The state file is used... Moderate Unreviewed
CVE-2022-1348 was published May 26, 2022
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Local privilege escalation due to insecure folder permissions. The following products are... High Unreviewed
CVE-2025-48961 was published Jun 4, 2025
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform... Moderate Unreviewed
CVE-2024-45655 was published Jun 3, 2025
Permission management vulnerability in the multi-screen interaction module. Successful... High Unreviewed
CVE-2023-52116 was published Jan 16, 2024
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new... High Unreviewed
CVE-2025-20298 was published Jun 2, 2025
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element... Moderate Unreviewed
CVE-2020-15595 was published May 24, 2022
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to... Critical Unreviewed
CVE-2017-20148 was published Sep 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database