GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7...
Critical
Unreviewed
CVE-2017-8543
was published
May 13, 2022
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
High
Unreviewed
CVE-2017-8578
was published
May 13, 2022
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
High
Unreviewed
CVE-2017-8577
was published
May 13, 2022
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
High
Unreviewed
CVE-2017-8581
was published
May 13, 2022
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,...
High
Unreviewed
CVE-2017-8465
was published
May 13, 2022
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
High
Unreviewed
CVE-2017-8593
was published
May 13, 2022
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26...
High
Unreviewed
CVE-2018-12989
was published
May 13, 2022
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10...
Critical
Unreviewed
CVE-2018-4115
was published
May 13, 2022
If a malicious attacker has used another vulnerability to gain full control over a content...
High
Unreviewed
CVE-2018-5163
was published
May 13, 2022
Missing permission checks in Jenkins Release Helper Plugin
Moderate
CVE-2022-27215
was published
for
org.jenkins-ci.plugins:release-helper
(Maven)
Mar 16, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28147
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate...
High
Unreviewed
CVE-2020-12744
was published
Oct 20, 2022
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access...
Moderate
Unreviewed
CVE-2022-41708
was published
Oct 20, 2022
Possible access control violation while setting current permission for VMIDs due to improper...
High
Unreviewed
CVE-2021-30279
was published
Jan 4, 2022
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
High
CVE-2021-43816
was published
for
github.com/containerd/containerd
(Go)
Jan 6, 2022
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard...
High
Unreviewed
CVE-2022-21203
was published
Feb 11, 2022
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web...
High
Unreviewed
CVE-2020-18329
was published
Jan 26, 2023
The bundle management module lacks permission verification in some APIs. Successful exploitation...
High
Unreviewed
CVE-2022-48301
was published
Feb 9, 2023
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this...
High
Unreviewed
CVE-2022-48295
was published
Feb 9, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this...
Moderate
Unreviewed
CVE-2022-48296
was published
Feb 9, 2023
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Low
CVE-2023-25809
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and...
High
Unreviewed
CVE-2021-45446
was published
Nov 2, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2021-22137
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Jython Improper Access Restrictions vulnerability
Moderate
CVE-2013-2027
was published
for
org.python:jython-standalone
(Maven)
May 14, 2022
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
ProTip!
Advisories are also available from the
GraphQL API