Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,195 advisories

Loading
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path... Low Unreviewed
CVE-2024-10228 was published Oct 30, 2024
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote... Moderate Unreviewed
CVE-2022-36800 was published Aug 4, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of... High Unreviewed
CVE-2024-0128 was published Oct 26, 2024
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
GHSA-x7xj-jvwp-97rv was published for github.com/rancher/rke2 (Go) Oct 25, 2024
Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may... High Unreviewed
CVE-2023-33870 was published Oct 25, 2024
SaltStack Salt Allows creating certificates with weak file permissions Moderate
CVE-2020-17490 was published for salt (pip) May 24, 2022
SaltStack Salt Permissions Bypass High
CVE-2022-22941 was published for salt (pip) Mar 30, 2022
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier... Low Unreviewed
CVE-2024-46897 was published Oct 18, 2024
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users... High Unreviewed
CVE-2023-6729 was published Oct 17, 2024
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead... Critical Unreviewed
CVE-2024-10018 was published Oct 16, 2024
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226... High Unreviewed
CVE-2024-44729 was published Oct 11, 2024
Insecure permissions in the packaging of tomcat allow local users that win a race during package... High Unreviewed
CVE-2024-22029 was published Oct 16, 2024
Planet's secret file is created with excessive permissions High
CVE-2023-32303 was published for planet (pip) May 12, 2023
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in... Moderate Unreviewed
CVE-2023-5136 was published Nov 8, 2023
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate... High Unreviewed
CVE-2023-49257 was published Jan 12, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to... High Unreviewed
CVE-2024-7612 was published Oct 8, 2024
Incorrect Permission Assignment for Critical Resource in OnionShare Moderate
CVE-2022-21694 was published for onionshare-cli (pip) Jan 21, 2022
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag... Moderate Unreviewed
CVE-2024-6739 was published Jul 15, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could... Moderate Unreviewed
CVE-2024-6360 was published Oct 2, 2024
Mercurial has Incorrect Permission Assignment for Critical Resource High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-43845 was published Sep 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database