GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
434 advisories
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes...
Moderate
Unreviewed
CVE-2019-11738 was published on May 24, 2022
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.
Moderate
Unreviewed
CVE-2019-16183 was published on May 24, 2022
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for...
Moderate
Unreviewed
CVE-2019-15716 was published on May 24, 2022
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions,...
Moderate
Unreviewed
CVE-2018-7822 was published on May 24, 2022
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows...
Moderate
Unreviewed
CVE-2014-7301 was published on May 17, 2022
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak...
Moderate
Unreviewed
CVE-2010-4176 was published on May 17, 2022
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes...
Moderate
Unreviewed
CVE-2022-30375 was published on May 14, 2022
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f...
Moderate
Unreviewed
CVE-2022-30367 was published on May 14, 2022
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM...
Moderate
Unreviewed
CVE-2018-9085 was published on May 13, 2022
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable...
Moderate
Unreviewed
CVE-2017-7761 was published on May 13, 2022
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There...
Moderate
Unreviewed
CVE-2017-6404 was published on May 13, 2022
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device,...
Moderate
Unreviewed
CVE-2017-5622 was published on May 13, 2022
Parameterized Trigger Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000084 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) on May 13, 2022
Jenkins Build Step Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000089 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) on May 13, 2022
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages,...
Moderate
Unreviewed
CVE-2017-0369 was published on May 13, 2022
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM)...
Moderate
Unreviewed
CVE-2018-13287 was published on May 13, 2022
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM...
Moderate
Unreviewed
CVE-2018-13286 was published on May 13, 2022
It was discovered that sos-collector does not properly set the default permissions of newly...
Moderate
Unreviewed
CVE-2018-14650 was published on May 13, 2022
Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has...
Moderate
Unreviewed
CVE-2011-2859 was published on May 13, 2022
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly...
Moderate
Unreviewed
CVE-2011-2782 was published on May 13, 2022
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions,...
Moderate
Unreviewed
CVE-2011-1435 was published on May 13, 2022
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to...
Moderate
Unreviewed
CVE-2017-9505 was published on May 13, 2022
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default...
Moderate
Unreviewed
CVE-2019-0683 was published on May 13, 2022
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function...
Moderate
Unreviewed
CVE-2018-14335 was published on May 13, 2022
Moodle Incorrect Default Settings
Moderate
CVE-2011-4285 was published for moodle/moodle (Composer) on May 13, 2022