GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which...
Critical
Unreviewed
CVE-2020-18890
was published
May 24, 2022
Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before...
High
Unreviewed
CVE-2021-0077
was published
May 24, 2022
A ZTE product has an information leak vulnerability. Due to improper permission settings, an...
Moderate
Unreviewed
CVE-2021-21735
was published
May 24, 2022
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker...
Moderate
Unreviewed
CVE-2021-22382
was published
May 24, 2022
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
High
Unreviewed
CVE-2021-30482
was published
May 24, 2022
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability...
High
Unreviewed
CVE-2020-27383
was published
May 24, 2022
Improper permissions in the installer for the Intel(R) Computing Improvement Program software...
High
Unreviewed
CVE-2021-0074
was published
May 24, 2022
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified...
High
Unreviewed
CVE-2021-3523
was published
Apr 28, 2022
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to...
High
Unreviewed
CVE-2020-15496
was published
May 24, 2022
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to...
Moderate
Unreviewed
CVE-2022-4326
was published
Dec 21, 2022
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service...
High
Unreviewed
CVE-2021-32465
was published
May 24, 2022
If a user had granted a permission to a webpage and saved that grant, any webpage running on the...
Critical
Unreviewed
CVE-2021-29971
was published
May 24, 2022
A flaw was found in satellite. When giving granular permission related to the organization, other...
High
Unreviewed
CVE-2021-3414
was published
Aug 27, 2022
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Critical
CVE-2021-38553
was published
for
github.com/hashicorp/vault
(Go)
Aug 30, 2021
A permissions issue existed. This issue was addressed with improved permission validation. This...
High
Unreviewed
CVE-2021-30827
was published
May 24, 2022
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of...
Moderate
Unreviewed
CVE-2022-2787
was published
Aug 28, 2022
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile...
High
Unreviewed
CVE-2022-38577
was published
Sep 20, 2022
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with...
Moderate
Unreviewed
CVE-2021-39897
was published
May 24, 2022
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for...
Moderate
Unreviewed
CVE-2017-5033
was published
Apr 30, 2022
AList vulnerable to Improper Preservation of Permissions
High
CVE-2022-45968
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a...
Moderate
Unreviewed
CVE-2019-13727
was published
May 24, 2022
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in...
High
Unreviewed
CVE-2019-14841
was published
Oct 17, 2022
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x...
Low
Unreviewed
CVE-2013-6335
was published
May 13, 2022
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
Low
CVE-2021-21379
was published
for
org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
(Maven)
Mar 23, 2021
Access control flaw in Kiali
High
CVE-2021-3495
was published
for
github.com/kiali/kiali
(Go)
Jun 8, 2021
ProTip!
Advisories are also available from the
GraphQL API