GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,195 advisories
Filter by severity
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This...
High
Unreviewed
CVE-2021-0904
was published
Dec 16, 2021
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission...
Moderate
Unreviewed
CVE-2021-0931
was published
Dec 16, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local...
Low
Unreviewed
CVE-2021-25519
was published
Dec 9, 2021
WebExtensions with the correct permissions were able to create and install ServiceWorkers for...
Moderate
Unreviewed
CVE-2021-43540
was published
Dec 9, 2021
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a...
High
Unreviewed
CVE-2021-44512
was published
Dec 8, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone...
Moderate
Unreviewed
CVE-2021-37058
was published
Dec 8, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file...
High
Unreviewed
CVE-2021-43034
was published
Dec 7, 2021
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical
CVE-2021-43998
was published
for
github.com/hashicorp/vault
(Go)
Dec 2, 2021
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access...
High
Unreviewed
CVE-2021-43359
was published
Dec 2, 2021
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42115
was published
Dec 1, 2021
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to...
High
Unreviewed
CVE-2021-40101
was published
Dec 1, 2021
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for...
Moderate
Unreviewed
CVE-2021-44230
was published
Dec 1, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation...
High
Unreviewed
CVE-2021-43019
was published
Nov 24, 2021
Incorrect permissions in Apache Ozone
Moderate
CVE-2021-39235
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for...
High
Unreviewed
CVE-2021-0064
was published
Nov 18, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Incorrect Permission Assignment for Critical Resource in Node
High
Unreviewed
CVE-2021-22921
was published
Jul 13, 2021
A user without PR can reset user authentication failures information
Low
CVE-2021-32729
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-script
(Maven)
Jul 2, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
Moderate
CVE-2020-12797
was published
for
github.com/hashicorp/consul
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API