Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
Permissions bypass in pleaser High
CVE-2021-31155 was published for pleaser (Rust) Aug 25, 2021
michaelkedar
Credited to michaelkedar
Execution with Unnecessary Privileges in ipython High
CVE-2022-21699 was published for ipython (pip) Jan 21, 2022
mlucool quarl
Credited to mlucool and quarl
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document... Moderate Unreviewed
CVE-2017-8441 was published May 13, 2022
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0... High Unreviewed
CVE-2023-4383 was published Aug 16, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5... High Unreviewed
CVE-2023-3915 was published Sep 1, 2023
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows... High Unreviewed
CVE-2023-4665 was published Sep 15, 2023
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta)... Moderate Unreviewed
CVE-2023-50914 was published Apr 30, 2024
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST... Critical Unreviewed
CVE-2024-37734 was published Jun 27, 2024
Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition... Moderate Unreviewed
CVE-2024-37025 was published Nov 13, 2024
A local low-level user on the server machine with credentials to the running OAS services can... High Unreviewed
CVE-2024-11220 was published Dec 6, 2024
Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800... Low Unreviewed
CVE-2024-39286 was published Feb 13, 2025
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role Low
GHSA-qc59-cxj2-c2w4 was published for aws-cdk-lib (npm) Apr 15, 2025
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™... Moderate Unreviewed
CVE-2025-20612 was published May 13, 2025
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™... High Unreviewed
CVE-2025-22843 was published May 13, 2025
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™... Moderate Unreviewed
CVE-2025-23233 was published May 13, 2025
NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker... High Unreviewed
CVE-2025-23263 was published Jul 17, 2025
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the... Moderate Unreviewed
CVE-2025-26422 was published Sep 4, 2025
Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability High
CVE-2025-30001 was published for org.apache.streampark:streampark (Maven) Oct 10, 2025
containerd affected by a local privilege escalation via wide permissions on CRI directory High
CVE-2024-25621 was published for github.com/containerd/containerd (Go) Nov 6, 2025
dgl
Credited to dgl
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the... Moderate Unreviewed
CVE-2025-13663 was published Dec 11, 2025
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user... Low Unreviewed
CVE-2025-36228 was published Dec 26, 2025
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP,... High Unreviewed
CVE-2025-14025 was published Jan 8, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database