Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check Critical
CVE-2026-29188 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 4, 2026
fg0x0 Credited to fg0x0 and hacdias hacdias hacdias
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly... Critical Unreviewed
CVE-2026-21902 was published Feb 25, 2026
A security issue has been identified in ibaPDA that could allow unauthorized actions on the file... Critical Unreviewed
CVE-2025-14988 was published Jan 27, 2026
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded... Critical Unreviewed
CVE-2025-69426 was published Jan 9, 2026
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation... Critical Unreviewed
CVE-2025-12004 was published Oct 21, 2025
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2025-10643 was published Sep 17, 2025
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions... Critical Unreviewed
CVE-2025-40804 was published Sep 9, 2025
The configuration file containing database logins and passwords is readable by any local user. Critical Unreviewed
CVE-2025-30063 was published Aug 27, 2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior... Critical Unreviewed
CVE-2025-4609 was published Aug 22, 2025
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start... Critical Unreviewed
CVE-2025-8042 was published Aug 19, 2025
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view... Critical Unreviewed
CVE-2025-45150 was published Aug 1, 2025
Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a... Critical Unreviewed
CVE-2014-125121 was published Jul 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-43243 was published Jul 30, 2025
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues... Critical Unreviewed
CVE-2025-26469 was published Jul 28, 2025
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker... Critical Unreviewed
CVE-2017-20198 was published Jul 23, 2025
The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions,... Critical Unreviewed
CVE-2025-25373 was published Mar 25, 2025
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx).... Critical Unreviewed
CVE-2025-1413 was published Feb 28, 2025
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-57520 was published Feb 6, 2025
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. Critical Unreviewed
CVE-2024-55959 was published Jan 21, 2025
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an... Critical Unreviewed
CVE-2024-38337 was published Jan 19, 2025
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication... Critical Unreviewed
CVE-2025-0066 was published Jan 14, 2025
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for... Critical Unreviewed
CVE-2024-53931 was published Jan 7, 2025
The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme)... Critical Unreviewed
CVE-2024-53932 was published Jan 7, 2025
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v... Critical Unreviewed
CVE-2024-41647 was published Dec 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database