GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
434 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-3166
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Ericsson Network Manager 20.2 has Insecure Permissions.
Moderate
Unreviewed
CVE-2021-28488
was published
Mar 11, 2022
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4,...
Moderate
Unreviewed
CVE-2020-15388
was published
Mar 19, 2022
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user...
Moderate
Unreviewed
CVE-2022-26247
was published
Mar 21, 2022
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission...
Moderate
Unreviewed
CVE-2021-0931
was published
Dec 16, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone...
Moderate
Unreviewed
CVE-2021-37058
was published
Dec 8, 2021
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of...
Moderate
Unreviewed
CVE-2022-23869
was published
Mar 31, 2022
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a...
Moderate
Unreviewed
CVE-2022-0803
was published
Apr 6, 2022
SilverStripe Subsite weakens file permissions
Moderate
CVE-2022-42949
was published
for
silverstripe/subsites
(Composer)
Dec 19, 2022
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications ...
Moderate
Unreviewed
CVE-2022-21475
was published
Apr 20, 2022
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the...
Moderate
Unreviewed
CVE-2022-45305
was published
Nov 29, 2022
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the...
Moderate
Unreviewed
CVE-2022-45307
was published
Nov 29, 2022
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all...
Moderate
Unreviewed
CVE-2022-45306
was published
Nov 29, 2022
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings...
Moderate
Unreviewed
CVE-2021-35248
was published
Dec 21, 2021
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of...
Moderate
Unreviewed
CVE-2018-4051
was published
May 13, 2022
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the...
Moderate
Unreviewed
CVE-2022-45301
was published
Nov 29, 2022
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the...
Moderate
Unreviewed
CVE-2022-45304
was published
Nov 29, 2022
In SonicWall SonicOS, administrators without full permissions can download imported certificates....
Moderate
Unreviewed
CVE-2018-9867
was published
May 13, 2022
Phusion Passenger incorrect permission assignment
Moderate
CVE-2018-12615
was published
for
passenger
(RubyGems)
May 13, 2022
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An...
Moderate
Unreviewed
CVE-2021-27760
was published
May 7, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins
Moderate
CVE-2017-2612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for...
Moderate
Unreviewed
CVE-2021-25775
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
Moderate
Unreviewed
CVE-2021-25778
was published
May 24, 2022
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to...
Moderate
Unreviewed
CVE-2021-30487
was published
May 24, 2022
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked...
Moderate
Unreviewed
CVE-2021-25768
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API