Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,195 advisories

Loading
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
Incorrect permissions in Apache Ozone Moderate
CVE-2021-39235 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Incorrect Permission Assignment for Critical Resource in Node High Unreviewed
CVE-2021-22921 was published Jul 13, 2021
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul Moderate
CVE-2020-12797 was published for github.com/hashicorp/consul (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API