GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
186 advisories
Filter by severity
AList vulnerable to Improper Preservation of Permissions
High
CVE-2022-45968
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration...
High
Unreviewed
CVE-2022-31608
was published
Nov 19, 2022
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and...
High
Unreviewed
CVE-2021-45446
was published
Nov 2, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
Moderate
CVE-2022-44020
was published
for
sushy-tools
(pip)
Oct 30, 2022
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access...
Moderate
Unreviewed
CVE-2022-41708
was published
Oct 20, 2022
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate...
High
Unreviewed
CVE-2020-12744
was published
Oct 20, 2022
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in...
High
Unreviewed
CVE-2019-14841
was published
Oct 17, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile...
High
Unreviewed
CVE-2022-38577
was published
Sep 20, 2022
Shopware access control list bypassed via crafted specific URLs
Moderate
CVE-2022-36102
was published
for
shopware/shopware
(Composer)
Sep 16, 2022
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of...
Moderate
Unreviewed
CVE-2022-2787
was published
Aug 28, 2022
A flaw was found in satellite. When giving granular permission related to the organization, other...
High
Unreviewed
CVE-2021-3414
was published
Aug 27, 2022
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an...
Low
Unreviewed
CVE-2022-31237
was published
Aug 23, 2022
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to...
High
Unreviewed
CVE-2022-31262
was published
Aug 18, 2022
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes...
High
Unreviewed
CVE-2022-22472
was published
Jul 1, 2022
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because...
Moderate
Unreviewed
CVE-2022-32969
was published
Jun 30, 2022
Improper validation of permissions for third party application accessing Telephony service API...
Moderate
Unreviewed
CVE-2021-35079
was published
Jun 15, 2022
The communication module has a vulnerability of improper permission preservation. Successful...
Moderate
Unreviewed
CVE-2022-31755
was published
Jun 14, 2022
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
High
Unreviewed
CVE-2022-29594
was published
Jun 3, 2022
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with...
Moderate
Unreviewed
CVE-2021-39897
was published
May 24, 2022
A permissions issue existed. This issue was addressed with improved permission validation. This...
High
Unreviewed
CVE-2021-30827
was published
May 24, 2022
If a user had granted a permission to a webpage and saved that grant, any webpage running on the...
Critical
Unreviewed
CVE-2021-29971
was published
May 24, 2022
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service...
High
Unreviewed
CVE-2021-32465
was published
May 24, 2022
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to...
High
Unreviewed
CVE-2020-15496
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API