GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,195 advisories
Filter by severity
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition...
High
Unreviewed
CVE-2021-20874
was published
Dec 25, 2021
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default...
High
Unreviewed
CVE-2021-23244
was published
Dec 28, 2021
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges,...
High
Unreviewed
CVE-2021-42562
was published
Jan 13, 2022
File and directory permissions have been corrected to prevent unintended users from modifying or...
Critical
Unreviewed
CVE-2022-22988
was published
Jan 14, 2022
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID...
High
Unreviewed
CVE-2022-23132
was published
Jan 14, 2022
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable...
Critical
Unreviewed
CVE-2021-22566
was published
Jan 19, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Moderate
CVE-2022-0277
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Incorrect Permission Assignment for Critical Resource in OnionShare
Moderate
CVE-2022-21694
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers...
High
Unreviewed
CVE-2022-0270
was published
Jan 26, 2022
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before...
High
Unreviewed
CVE-2021-46561
was published
Feb 8, 2022
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
Moderate
CVE-2020-1694
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in Ansible
Moderate
CVE-2020-1736
was published
for
ansible
(pip)
Feb 9, 2022
Improper privilege handling in Apache Accumulo
High
CVE-2020-17533
was published
for
org.apache.accumulo:accumulo-master
(Maven)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M...
High
Unreviewed
CVE-2021-22284
was published
Feb 10, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O
Moderate
CVE-2022-0532
was published
for
github.com/cri-o/cri-o
(Go)
Feb 11, 2022
There is an improper security permission configuration vulnerability on ACPU.Successful...
High
Unreviewed
CVE-2021-39992
was published
Feb 11, 2022
Local privilege escalation due to insecure folder permissions. The following products are...
High
Unreviewed
CVE-2022-0483
was published
Feb 12, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
Kubernetes Unsafe Cacheing
Moderate
CVE-2019-11244
was published
for
k8s.io/client-go
(Go)
Feb 15, 2022
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and...
Moderate
Unreviewed
CVE-2021-3557
was published
Feb 17, 2022
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This...
High
Unreviewed
CVE-2022-25335
was published
Feb 19, 2022
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support...
High
Unreviewed
CVE-2020-25718
was published
Feb 19, 2022
ProTip!
Advisories are also available from the
GraphQL API