GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
430 advisories
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect...
Moderate, Unreviewed. CVE-2017-1000461 was published May 13, 2022

Opencast has Incorrect Permission Assignment
Moderate. CVE-2017-1000221 was published for org.opencastproject:opencast-kernel (Maven) May 13, 2022

Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
Moderate. CVE-2017-1000095 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the...
Moderate, Unreviewed. CVE-2017-0913 was published May 13, 2022

An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious...
Moderate, Unreviewed. CVE-2017-0601 was published May 13, 2022

An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage...
Moderate, Unreviewed. CVE-2017-0423 was published May 13, 2022

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has...
Moderate, Unreviewed. CVE-2017-9079 was published May 13, 2022

coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module:...
Moderate, Unreviewed. CVE-2018-1000547 was published May 13, 2022

A permissions flaw was found in redis, which sets weak permissions on certain files and...
Moderate, Unreviewed. CVE-2016-2121 was published May 13, 2022

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via...
Moderate, Unreviewed. CVE-2017-0883 was published May 13, 2022

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders...
Moderate, Unreviewed. CVE-2017-0884 was published May 13, 2022

IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that...
Moderate, Unreviewed. CVE-2017-1624 was published May 13, 2022

Incorrect Permission Assignment for Critical Resource in Jenkins
Moderate. CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

It was found that rhnsd PID files are created as world-writable that allows local attackers to...
Moderate, Unreviewed. CVE-2017-7560 was published May 13, 2022

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong...
Moderate, Unreviewed. CVE-2017-9268 was published May 13, 2022

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to...
Moderate, Unreviewed. CVE-2018-0392 was published May 13, 2022

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious...
Moderate, Unreviewed. CVE-2018-12467 was published May 13, 2022

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific...
Moderate, Unreviewed. CVE-2018-12466 was published May 13, 2022

It was discovered that sos-collector does not properly set the default permissions of newly...
Moderate, Unreviewed. CVE-2018-14650 was published May 13, 2022

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40...
Moderate, Unreviewed. CVE-2018-14825 was published May 13, 2022

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and...
Moderate, Unreviewed. CVE-2018-1113 was published May 13, 2022

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security...
Moderate, Unreviewed. CVE-2018-1370 was published May 13, 2022

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box...
Moderate, Unreviewed. CVE-2018-1420 was published May 13, 2022

IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user...
Moderate, Unreviewed. CVE-2018-1724 was published May 13, 2022

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated...
Moderate, Unreviewed. CVE-2010-2116 was published May 13, 2022