GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,293; Erlang 31; GitHub Actions 21; Go 2,061; Maven 5,000+; npm 3,744; NuGet 668; pip 3,423; Pub 12; RubyGems 892; Rust 875; Swift 36
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
394 advisories
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45304 was published Nov 29, 2022

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all...
Moderate | Unreviewed | CVE-2022-45306 was published Nov 29, 2022

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45305 was published Nov 29, 2022

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45307 was published Nov 29, 2022

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master...
Moderate | Unreviewed | CVE-2022-44280 was published Nov 23, 2022

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on...
Moderate | Unreviewed | CVE-2022-38461 was published Nov 18, 2022

Sensitive information disclosure due to insecure folder permissions. The following products are...
Moderate | Unreviewed | CVE-2022-44746 was published Nov 8, 2022

A permissions issue existed. This issue was addressed with improved permission validation. This...
Moderate | Unreviewed | CVE-2022-42788 was published Nov 2, 2022

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change...
Moderate | Unreviewed | CVE-2022-41471 was published Oct 17, 2022

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before...
Moderate | Unreviewed | CVE-2022-3325 was published Oct 17, 2022

The default privileges for the running service Normand Remisol Advance Launcher in Beckman...
Moderate | Unreviewed | CVE-2022-26236 was published Oct 7, 2022

The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26238 was published Oct 7, 2022

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement...
Moderate | Unreviewed | CVE-2022-2975 was published Oct 6, 2022

The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26237 was published Oct 6, 2022

The default privileges for the running service Normand License Manager in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26239 was published Oct 6, 2022

The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26240 was published Oct 6, 2022

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with...
Moderate | Unreviewed | CVE-2022-23726 was published Oct 1, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
Moderate | Unreviewed | CVE-2020-15329 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
Moderate | Unreviewed | CVE-2020-15328 was published Sep 30, 2022

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to...
Moderate | Unreviewed | CVE-2022-40817 was published Sep 28, 2022

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate...
Moderate | Unreviewed | CVE-2022-35250 was published Sep 25, 2022

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate | Unreviewed | CVE-2022-32227 was published Sep 25, 2022

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due...
Moderate | Unreviewed | CVE-2022-20399 was published Sep 14, 2022

IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated...
Moderate | Unreviewed | CVE-2022-37771 was published Sep 7, 2022

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing...
Moderate | Unreviewed | CVE-2022-36670 was published Sep 7, 2022
ProTip! Advisories are also available from the GraphQL API.