Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,987
Maven
5,000+
npm
3,704
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
844
Swift
36
Unreviewed advisories
All unreviewed
5,000+

992 advisories

Loading
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering... High Unreviewed
CVE-2015-7378 was published May 13, 2022
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation... High Unreviewed
CVE-2016-6914 was published May 13, 2022
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change... Moderate Unreviewed
CVE-2013-4394 was published May 13, 2022
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder,... High Unreviewed
CVE-2015-7985 was published May 13, 2022
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10... Moderate Unreviewed
CVE-2019-3870 was published May 13, 2022
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows... High Unreviewed
CVE-2022-30594 was published May 13, 2022
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due... High Unreviewed
CVE-2022-20004 was published May 11, 2022
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive... High Unreviewed
CVE-2022-23802 was published May 7, 2022
Incorrect Default Permissions in Apache Commons FileUpload Low
CVE-2013-0248 was published for commons-fileupload:commons-fileupload (Maven) May 5, 2022
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages... Moderate Unreviewed
CVE-2013-4763 was published May 5, 2022
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3)... Low Unreviewed
CVE-2005-1941 was published May 1, 2022
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with... High Unreviewed
CVE-2002-1844 was published Apr 30, 2022
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home... Low Unreviewed
CVE-2002-1713 was published Apr 30, 2022
Apache Tomcat may be started without proper security settings High
CVE-2002-0493 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure... Moderate Unreviewed
CVE-2001-0497 was published Apr 30, 2022
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. High Unreviewed
CVE-1999-0426 was published Apr 30, 2022
Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype... Moderate Unreviewed
CVE-2004-1778 was published Apr 29, 2022
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is... High Unreviewed
CVE-2022-29585 was published Apr 29, 2022
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker... Moderate Unreviewed
CVE-2022-28218 was published Apr 27, 2022
Moodle default permissions too permissive Moderate
CVE-2012-1157 was published for moodle/moodle (Composer) Apr 23, 2022
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175... Moderate Unreviewed
CVE-2021-3722 was published Apr 23, 2022
Incorrect Default Permissions in CRI-O Moderate
CVE-2022-27652 was published for github.com/cri-o/cri-o (Go) Apr 22, 2022
AndrewGMorgan
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the... High Unreviewed
CVE-2022-29547 was published Apr 22, 2022
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager... High Unreviewed
CVE-2022-20732 was published Apr 22, 2022
A improper permission configuration vulnerability in Xiaomi Content Center APP. This... Moderate Unreviewed
CVE-2020-14117 was published Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database