GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
525 advisories
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change...
Moderate | Unreviewed | CVE-2022-41471 was published Oct 17, 2022

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before...
Moderate | Unreviewed | CVE-2022-3325 was published Oct 17, 2022

The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26238 was published Oct 7, 2022

The default privileges for the running service Normand Remisol Advance Launcher in Beckman...
Moderate | Unreviewed | CVE-2022-26236 was published Oct 7, 2022

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement...
Moderate | Unreviewed | CVE-2022-2975 was published Oct 6, 2022

The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26237 was published Oct 6, 2022

The default privileges for the running service Normand License Manager in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26239 was published Oct 6, 2022

The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol...
Moderate | Unreviewed | CVE-2022-26240 was published Oct 6, 2022

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with...
Moderate | Unreviewed | CVE-2022-23726 was published Oct 1, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
Moderate | Unreviewed | CVE-2020-15329 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
Moderate | Unreviewed | CVE-2020-15328 was published Sep 30, 2022

Bytebase does not restrict low privilege user to access admin issues
Moderate | CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to...
Moderate | Unreviewed | CVE-2022-40817 was published Sep 28, 2022

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate...
Moderate | Unreviewed | CVE-2022-35250 was published Sep 25, 2022

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate | Unreviewed | CVE-2022-32227 was published Sep 25, 2022

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due...
Moderate | Unreviewed | CVE-2022-20399 was published Sep 14, 2022

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing...
Moderate | Unreviewed | CVE-2022-36670 was published Sep 7, 2022

IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated...
Moderate | Unreviewed | CVE-2022-37771 was published Sep 7, 2022

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion...
Moderate | Unreviewed | CVE-2022-36687 was published Aug 29, 2022

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows...
Moderate | Unreviewed | CVE-2022-33311 was published Aug 19, 2022

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a...
Moderate | Unreviewed | CVE-2022-32544 was published Aug 19, 2022

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows...
Moderate | Unreviewed | CVE-2022-32583 was published Aug 19, 2022

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass....
Moderate | Unreviewed | CVE-2022-20290 was published Aug 13, 2022

In Telephony, there is a possible information disclosure due to a missing permission check. This...
Moderate | Unreviewed | CVE-2022-20284 was published Aug 13, 2022

Gitea allowed assignment of private issues
Moderate | CVE-2022-38183 was published for code.gitea.io/gitea (Go) Aug 13, 2022