Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Ericsson Network Manager 20.2 has Insecure Permissions. Moderate Unreviewed
CVE-2021-28488 was published Mar 11, 2022
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4,... Moderate Unreviewed
CVE-2020-15388 was published Mar 19, 2022
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user... Moderate Unreviewed
CVE-2022-26247 was published Mar 21, 2022
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... Moderate Unreviewed
CVE-2021-37058 was published Dec 8, 2021
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission... Moderate Unreviewed
CVE-2021-0931 was published Dec 16, 2021
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of... Moderate Unreviewed
CVE-2022-23869 was published Mar 31, 2022
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a... Moderate Unreviewed
CVE-2022-0803 was published Apr 6, 2022
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications ... Moderate Unreviewed
CVE-2022-21475 was published Apr 20, 2022
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the... Moderate Unreviewed
CVE-2022-45307 was published Nov 29, 2022
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the... Moderate Unreviewed
CVE-2022-45305 was published Nov 29, 2022
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed
CVE-2021-35248 was published Dec 21, 2021
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all... Moderate Unreviewed
CVE-2022-45306 was published Nov 29, 2022
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of... Moderate Unreviewed
CVE-2018-4051 was published May 13, 2022
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the... Moderate Unreviewed
CVE-2022-45301 was published Nov 29, 2022
In SonicWall SonicOS, administrators without full permissions can download imported certificates.... Moderate Unreviewed
CVE-2018-9867 was published May 13, 2022
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the... Moderate Unreviewed
CVE-2022-45304 was published Nov 29, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An... Moderate Unreviewed
CVE-2021-27760 was published May 7, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Moderate
CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for... Moderate Unreviewed
CVE-2021-25775 was published May 24, 2022
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. Moderate Unreviewed
CVE-2021-25778 was published May 24, 2022
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to... Moderate Unreviewed
CVE-2021-30487 was published May 24, 2022
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked... Moderate Unreviewed
CVE-2021-25768 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database