GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,067 advisories
Filter by severity
Incorrect Permission Assignment for Critical Resource in Node
High
Unreviewed
CVE-2021-22921
was published
Jul 13, 2021
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for...
High
Unreviewed
CVE-2021-0064
was published
Nov 18, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation...
High
Unreviewed
CVE-2021-43019
was published
Nov 24, 2021
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for...
Moderate
Unreviewed
CVE-2021-44230
was published
Dec 1, 2021
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to...
High
Unreviewed
CVE-2021-40101
was published
Dec 1, 2021
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42115
was published
Dec 1, 2021
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access...
High
Unreviewed
CVE-2021-43359
was published
Dec 2, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file...
High
Unreviewed
CVE-2021-43034
was published
Dec 7, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone...
Moderate
Unreviewed
CVE-2021-37058
was published
Dec 8, 2021
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a...
High
Unreviewed
CVE-2021-44512
was published
Dec 8, 2021
WebExtensions with the correct permissions were able to create and install ServiceWorkers for...
Moderate
Unreviewed
CVE-2021-43540
was published
Dec 9, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local...
Low
Unreviewed
CVE-2021-25519
was published
Dec 9, 2021
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission...
Moderate
Unreviewed
CVE-2021-0931
was published
Dec 16, 2021
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This...
High
Unreviewed
CVE-2021-0904
was published
Dec 16, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE...
High
Unreviewed
CVE-2021-42309
was published
Dec 16, 2021
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings...
Moderate
Unreviewed
CVE-2021-35248
was published
Dec 21, 2021
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited...
High
Unreviewed
CVE-2021-27445
was published
Dec 22, 2021
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition...
High
Unreviewed
CVE-2021-20874
was published
Dec 25, 2021
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default...
High
Unreviewed
CVE-2021-23244
was published
Dec 28, 2021
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges,...
High
Unreviewed
CVE-2021-42562
was published
Jan 13, 2022
File and directory permissions have been corrected to prevent unintended users from modifying or...
Critical
Unreviewed
CVE-2022-22988
was published
Jan 14, 2022
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID...
High
Unreviewed
CVE-2022-23132
was published
Jan 14, 2022
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable...
Critical
Unreviewed
CVE-2021-22566
was published
Jan 19, 2022
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers...
High
Unreviewed
CVE-2022-0270
was published
Jan 26, 2022
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before...
High
Unreviewed
CVE-2021-46561
was published
Feb 8, 2022
ProTip!
Advisories are also available from the
GraphQL API