GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
434 advisories
Lack of access control on uploaded files
Moderate
CVE-2019-12245 was published for silverstripe/assets (Composer) Nov 12, 2019
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at...
Moderate
Unreviewed
CVE-2009-3897 was published May 2, 2022
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of...
Moderate
Unreviewed
CVE-2009-3289 was published May 2, 2022
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure...
Moderate
Unreviewed
CVE-2009-3489 was published May 2, 2022
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions ...
Moderate
Unreviewed
CVE-2009-3482 was published May 2, 2022
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which...
Moderate
Unreviewed
CVE-2009-1073 was published May 2, 2022
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7...
Moderate
Unreviewed
CVE-2007-5544 was published May 1, 2022
** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1....
Moderate
Unreviewed
CVE-2020-12831 was published May 24, 2022
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976 was published for NuGet.Commands (NuGet) May 24, 2022
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions...
Moderate
Unreviewed
CVE-2024-25956 was published Mar 26, 2024
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
Moderate
Unreviewed
CVE-2018-12357 was published May 24, 2022
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps...
Moderate
Unreviewed
CVE-2019-15119 was published May 24, 2022
Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1...
Moderate
Unreviewed
CVE-2019-11166 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An...
Moderate
Unreviewed
CVE-2019-15721 was published May 24, 2022
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control...
Moderate
Unreviewed
CVE-2015-9456 was published May 24, 2022
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if...
Moderate
Unreviewed
CVE-2019-6465 was published May 24, 2022
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D...
Moderate
Unreviewed
CVE-2019-5068 was published May 24, 2022
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could...
Moderate
Unreviewed
CVE-2023-28123 was published Apr 19, 2023
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM...
Moderate
Unreviewed
CVE-2023-0207 was published Apr 22, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate
Unreviewed
CVE-2023-2478 was published May 8, 2023
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows...
Moderate
Unreviewed
CVE-2022-41771 was published May 10, 2023
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x...
Moderate
Unreviewed
CVE-2022-41766 was published May 29, 2023
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB...
Moderate
Unreviewed
CVE-2023-2876 was published Jun 13, 2023
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An...
Moderate
Unreviewed
CVE-2023-35799 was published Jun 27, 2023