Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

200 advisories

Loading
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard... High Unreviewed
CVE-2022-21203 was published Feb 11, 2022
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission... High Unreviewed
CVE-2021-39622 was published Jan 15, 2022
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux High
CVE-2021-43816 was published for github.com/containerd/containerd (Go) Jan 6, 2022
Possible access control violation while setting current permission for VMIDs due to improper... High Unreviewed
CVE-2021-30279 was published Jan 4, 2022
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a... Moderate Unreviewed
CVE-2021-0653 was published Dec 16, 2021
In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java,... Moderate Unreviewed
CVE-2021-0704 was published Dec 16, 2021
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass... High Unreviewed
CVE-2021-0927 was published Dec 16, 2021
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access... High Unreviewed
CVE-2021-0953 was published Dec 16, 2021
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without... High Unreviewed
CVE-2021-0965 was published Dec 16, 2021
In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a... High Unreviewed
CVE-2021-0985 was published Dec 16, 2021
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP... High Unreviewed
CVE-2021-0999 was published Dec 16, 2021
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an... High Unreviewed
CVE-2021-1004 was published Dec 16, 2021
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-1010 was published Dec 16, 2021
In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine... Moderate Unreviewed
CVE-2021-1025 was published Dec 16, 2021
There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this... High Unreviewed
CVE-2021-37044 was published Dec 9, 2021
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a... High Unreviewed
CVE-2021-44512 was published Dec 8, 2021
There is an Improper permission control vulnerability in Huawei Smartphone.Successful... Moderate Unreviewed
CVE-2021-37056 was published Dec 8, 2021
There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37086 was published Dec 8, 2021
There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37006 was published Nov 24, 2021
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki Moderate
CVE-2021-3978 was published for github.com/cloudflare/cfrpki (Go) Nov 19, 2021
ties
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for... High Unreviewed
CVE-2021-0064 was published Nov 18, 2021
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 Critical
CVE-2021-38553 was published for github.com/hashicorp/vault (Go) Aug 30, 2021
avivdolev
Access control flaw in Kiali High
CVE-2021-3495 was published for github.com/kiali/kiali (Go) Jun 8, 2021
Insecure Permissions in Gogs Moderate
CVE-2020-14958 was published for gogs.io/gogs (Go) May 18, 2021
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro Low
CVE-2021-21379 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Mar 23, 2021
ProTip! Advisories are also available from the GraphQL API