GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,081 advisories
Filter by severity
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this...
Moderate
Unreviewed
CVE-2021-40059
was published
Mar 11, 2022
There is a permission control vulnerability in the Nearby module. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-40053
was published
Mar 11, 2022
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow...
Moderate
Unreviewed
CVE-2021-44215
was published
Mar 11, 2022
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions...
Moderate
Unreviewed
CVE-2021-44216
was published
Mar 11, 2022
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure...
High
Unreviewed
CVE-2022-25943
was published
Mar 10, 2022
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the...
High
Unreviewed
CVE-2021-41652
was published
Mar 3, 2022
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3...
Moderate
Unreviewed
CVE-2021-38268
was published
Mar 3, 2022
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin...
Moderate
Unreviewed
CVE-2021-46270
was published
Mar 3, 2022
User login denial of service in github.com/google/fscrypt
Moderate
CVE-2022-25327
was published
for
github.com/google/fscrypt
(Go)
Feb 26, 2022
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked...
Moderate
Unreviewed
CVE-2022-24337
was published
Feb 26, 2022
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only...
Moderate
Unreviewed
CVE-2022-24343
was published
Feb 26, 2022
There is an improper permission management vulnerability in the Wallet apps. Successful...
Moderate
Unreviewed
CVE-2021-37103
was published
Feb 26, 2022
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an...
High
Unreviewed
CVE-2022-23922
was published
Feb 25, 2022
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an...
High
Unreviewed
CVE-2022-23104
was published
Feb 25, 2022
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying...
Moderate
Unreviewed
CVE-2021-3155
was published
Feb 19, 2022
An incorrect default permissions vulnerability was found in the mig-controller. Due to an...
Moderate
Unreviewed
CVE-2021-3948
was published
Feb 19, 2022
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
Moderate
Unreviewed
CVE-2022-24301
was published
Feb 15, 2022
Local privilege escalation due to excessive permissions assigned to child processes. The...
High
Unreviewed
CVE-2022-24113
was published
Feb 12, 2022
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious...
Critical
Unreviewed
CVE-2020-14521
was published
Feb 12, 2022
ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms...
Critical
Unreviewed
CVE-2021-39658
was published
Feb 12, 2022
ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify...
Critical
Unreviewed
CVE-2021-39635
was published
Feb 12, 2022
In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the...
High
Unreviewed
CVE-2021-39662
was published
Feb 12, 2022
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware...
Moderate
Unreviewed
CVE-2022-23996
was published
Feb 12, 2022
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to...
Moderate
Unreviewed
CVE-2022-23995
was published
Feb 12, 2022
ProTip!
Advisories are also available from the
GraphQL API