Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,086
Maven
5,000+
npm
3,747
NuGet
674
pip
3,436
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

451 advisories

Loading
SaltStack Salt Allows creating certificates with weak file permissions Moderate
CVE-2020-17490 was published for salt (pip) May 24, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote... Moderate Unreviewed
CVE-2022-36800 was published Aug 4, 2022
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network... Moderate Unreviewed
CVE-2024-37087 was published Jun 25, 2024
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2023-52554 was published Apr 8, 2024
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect... Moderate Unreviewed
CVE-2024-41970 was published Nov 18, 2024
Incorrect Permission Assignment for Critical Resource in Ansible Moderate
CVE-2020-1736 was published for ansible (pip) Feb 9, 2022
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead... Moderate Unreviewed
CVE-2023-5937 was published May 15, 2024
Affected devices create coredump files when crashed, storing them with world-readable permission.... Moderate Unreviewed
CVE-2024-28955 was published Nov 26, 2024
A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD)... Moderate Unreviewed
CVE-2020-3312 was published May 24, 2022
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of... Moderate Unreviewed
CVE-2024-21703 was published Nov 27, 2024
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp... Moderate Unreviewed
CVE-2024-54159 was published Nov 30, 2024
Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle... Moderate Unreviewed
CVE-2024-21063 was published Apr 17, 2024
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8... Moderate Unreviewed
CVE-2024-45841 was published Dec 5, 2024
Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0... Moderate Unreviewed
CVE-2024-12151 was published Dec 4, 2024
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices... Moderate Unreviewed
CVE-2024-8256 was published Dec 10, 2024
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-12255 was published Dec 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open... Moderate Unreviewed
CVE-2024-12564 was published Dec 12, 2024
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical... Moderate Unreviewed
CVE-2024-47104 was published Dec 18, 2024
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element... Moderate Unreviewed
CVE-2020-15595 was published May 24, 2022
In multiple files, there is a possible way to access traces in the dev mode due to a permissions... Moderate Unreviewed
CVE-2023-21142 was published Jun 15, 2023
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2... Moderate Unreviewed
CVE-2024-38864 was published Dec 19, 2024
Sensitive information disclosure due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2024-49385 was published Jan 2, 2025
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for... Moderate Unreviewed
CVE-2024-47475 was published Jan 6, 2025
Active Support Possibly Discloses Locally Encrypted Files Moderate
CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database