Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

434 advisories

Loading
Incorrect Permission Assignment for Critical Resource in Ansible Moderate
CVE-2020-1736 was published for ansible (pip) Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O Moderate
CVE-2022-0532 was published for github.com/cri-o/cri-o (Go) Feb 11, 2022
Kubernetes Unsafe Cacheing Moderate
CVE-2019-11244 was published for k8s.io/client-go (Go) Feb 15, 2022
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and... Moderate Unreviewed
CVE-2021-3557 was published Feb 17, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged... Moderate Unreviewed
CVE-2022-25363 was published Feb 25, 2022
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write... Moderate Unreviewed
CVE-2022-0247 was published Feb 26, 2022
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1... Moderate Unreviewed
CVE-2020-27958 was published Feb 27, 2022
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The... Moderate Unreviewed
CVE-2022-26157 was published Mar 1, 2022
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels... Moderate Unreviewed
CVE-2021-3631 was published Mar 4, 2022
Ericsson Network Manager 20.2 has Insecure Permissions. Moderate Unreviewed
CVE-2021-28488 was published Mar 11, 2022
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4,... Moderate Unreviewed
CVE-2020-15388 was published Mar 19, 2022
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user... Moderate Unreviewed
CVE-2022-26247 was published Mar 21, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin Moderate
CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of... Moderate Unreviewed
CVE-2022-23869 was published Mar 31, 2022
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a... Moderate Unreviewed
CVE-2022-0803 was published Apr 6, 2022
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications ... Moderate Unreviewed
CVE-2022-21475 was published Apr 20, 2022
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC... Moderate Unreviewed
CVE-2021-38483 was published Apr 21, 2022
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls... Moderate Unreviewed
CVE-2021-23055 was published Apr 22, 2022
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7... Moderate Unreviewed
CVE-2007-5544 was published May 1, 2022
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp... Moderate Unreviewed
CVE-2008-0884 was published May 1, 2022
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which... Moderate Unreviewed
CVE-2009-1073 was published May 2, 2022
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of... Moderate Unreviewed
CVE-2009-3289 was published May 2, 2022
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions ... Moderate Unreviewed
CVE-2009-3482 was published May 2, 2022
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure... Moderate Unreviewed
CVE-2009-3489 was published May 2, 2022
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at... Moderate Unreviewed
CVE-2009-3897 was published May 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database