Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226... High Unreviewed
CVE-2024-44729 was published Oct 11, 2024
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to... High Unreviewed
CVE-2024-7612 was published Oct 8, 2024
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows... Critical Unreviewed
CVE-2024-24117 was published Oct 2, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could... Moderate Unreviewed
CVE-2024-6360 was published Oct 2, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
westonsteimel cipherboy
Credited to westonsteimel and cipherboy
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-43845 was published Sep 25, 2024
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain... High Unreviewed
CVE-2024-8900 was published Sep 17, 2024
Improper permission configurationDomain configuration vulnerability of the mobile application ... Critical Unreviewed
CVE-2024-8039 was published Sep 16, 2024
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS... Low Unreviewed
CVE-2024-44575 was published Sep 11, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All... Critical Unreviewed
CVE-2024-41171 was published Sep 10, 2024
External Secrets Operator vulnerable to privilege escalation High
CVE-2024-45041 was published for github.com/external-secrets/external-secrets (Go) Sep 9, 2024
younaman
Credited to younaman
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain... High Unreviewed
CVE-2024-38456 was published Sep 3, 2024
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local... Moderate Unreviewed
CVE-2023-49582 was published Aug 26, 2024
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0,... Moderate Unreviewed
CVE-2022-43915 was published Aug 24, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> High
GHSA-34qg-65m4-f23m was published for froxlor/froxlor (Composer) Aug 23, 2024
hardfalcon
Credited to hardfalcon
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat... Moderate Unreviewed
CVE-2024-7986 was published Aug 23, 2024
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2024-5930 was published Aug 21, 2024
CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The... High Unreviewed
CVE-2024-7513 was published Aug 14, 2024
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows... Moderate Unreviewed
CVE-2024-5915 was published Aug 14, 2024
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before... Moderate Unreviewed
CVE-2024-25561 was published Aug 14, 2024
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before... Moderate Unreviewed
CVE-2024-23908 was published Aug 14, 2024
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local... High Unreviewed
CVE-2024-6619 was published Aug 13, 2024
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain... High Unreviewed
CVE-2024-43199 was published Aug 7, 2024
Kubean vulnerable to cluster-level privilege escalation High
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
Credited to younaman
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware... High Unreviewed
CVE-2024-41720 was published Aug 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database