GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,205 advisories
Filter by severity
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM...
Moderate
Unreviewed
CVE-2018-13286
was published
May 13, 2022
It was discovered that sos-collector does not properly set the default permissions of newly...
Moderate
Unreviewed
CVE-2018-14650
was published
May 13, 2022
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data...
High
Unreviewed
CVE-2018-6683
was published
May 13, 2022
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017...
High
Unreviewed
CVE-2018-7533
was published
May 13, 2022
Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has...
Moderate
Unreviewed
CVE-2011-2859
was published
May 13, 2022
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly...
Moderate
Unreviewed
CVE-2011-2782
was published
May 13, 2022
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions,...
Moderate
Unreviewed
CVE-2011-1435
was published
May 13, 2022
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to...
Moderate
Unreviewed
CVE-2017-9505
was published
May 13, 2022
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and...
High
Unreviewed
CVE-2016-5425
was published
May 13, 2022
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default...
Moderate
Unreviewed
CVE-2019-0683
was published
May 13, 2022
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function...
Moderate
Unreviewed
CVE-2018-14335
was published
May 13, 2022
The CorsairService Service in Corsair Utility Engine is installed with insecure default...
High
Unreviewed
CVE-2018-12441
was published
May 13, 2022
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory,...
High
Unreviewed
CVE-2018-10604
was published
May 13, 2022
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other...
Low
Unreviewed
CVE-2012-4453
was published
May 13, 2022
It was found that system umask policy is not being honored when creating XDG user directories,...
High
Unreviewed
CVE-2017-15131
was published
May 13, 2022
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests,...
Moderate
Unreviewed
CVE-2011-4361
was published
May 13, 2022
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering...
High
Unreviewed
CVE-2015-7378
was published
May 13, 2022
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business...
High
Unreviewed
CVE-2016-3943
was published
May 13, 2022
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation...
High
Unreviewed
CVE-2016-6914
was published
May 13, 2022
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change...
Moderate
Unreviewed
CVE-2013-4394
was published
May 13, 2022
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder,...
High
Unreviewed
CVE-2015-7985
was published
May 13, 2022
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10...
Moderate
Unreviewed
CVE-2019-3870
was published
May 13, 2022
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows...
High
Unreviewed
CVE-2022-30594
was published
May 13, 2022
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due...
High
Unreviewed
CVE-2022-20004
was published
May 11, 2022
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive...
High
Unreviewed
CVE-2022-23802
was published
May 7, 2022
ProTip!
Advisories are also available from the
GraphQL API