GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
User with no permission to any of the Hosts can access and view host count & other statistics...
Moderate
Unreviewed
CVE-2024-22114
was published
Aug 12, 2024
A non-admin user can change or remove important features within the Zabbix Agent application,...
Moderate
Unreviewed
CVE-2024-22121
was published
Aug 12, 2024
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a...
Moderate
Unreviewed
CVE-2024-33892
was published
Aug 2, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service
Moderate
CVE-2024-1726
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Apr 25, 2024
Apache Airflow Improper Preservation of Permissions vulnerability
Moderate
CVE-2024-29735
was published
for
apache-airflow
(pip)
Mar 26, 2024
Anope before 2.0.15 does not prevent resetting the password of a suspended account.
Moderate
Unreviewed
CVE-2024-30187
was published
Mar 25, 2024
Apache Airflow: Ignored Airflow Permission
Moderate
CVE-2024-28746
was published
for
apache-airflow
(pip)
Mar 14, 2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through...
Moderate
Unreviewed
CVE-2024-21816
was published
Mar 4, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Improper Preservation of Permissions in etcd
Moderate
CVE-2020-15113
was published
for
github.com/etcd-io/etcd
(Go)
Jan 30, 2024
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,...
Moderate
Unreviewed
CVE-2024-0674
was published
Jan 30, 2024
Improperly calculated effective permissions in M-Files Server versions 23.9 and 23.10 and 23.11...
Moderate
Unreviewed
CVE-2023-6239
was published
Nov 28, 2023
Netskope was made aware of a security vulnerability in its NSClient product for version 100 &...
Moderate
Unreviewed
CVE-2023-4996
was published
Nov 6, 2023
OpenSearch Issue with tenant read-only permissions
Moderate
CVE-2023-45807
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Oct 17, 2023
The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory....
Moderate
Unreviewed
CVE-2022-47637
was published
Sep 13, 2023
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time...
Moderate
Unreviewed
CVE-2023-21249
was published
Jul 13, 2023
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables...
Moderate
Unreviewed
CVE-2023-2818
was published
Jun 27, 2023
A valid, authenticated user with limited privileges may be able to use specifically crafted web...
Moderate
Unreviewed
CVE-2023-2993
was published
Jun 26, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
vantage6 vulnerable to Improper Preservation of Permissions
Moderate
CVE-2023-22738
was published
for
vantage6
(pip)
Feb 28, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this...
Moderate
Unreviewed
CVE-2022-48296
was published
Feb 9, 2023
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to...
Moderate
Unreviewed
CVE-2022-4326
was published
Dec 21, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not...
Moderate
Unreviewed
CVE-2022-47547
was published
Dec 19, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
Moderate
CVE-2022-44020
was published
for
sushy-tools
(pip)
Oct 30, 2022
ProTip!
Advisories are also available from the
GraphQL API