GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,388 advisories
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability...
Critical, Unreviewed: CVE-2023-24205 was published on Feb 24, 2023

Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password...
High, Unreviewed: CVE-2022-44216 was published on Feb 20, 2023

An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a...
High, Unreviewed: CVE-2021-3172 was published on Feb 17, 2023

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Moderate, Unreviewed: CVE-2022-21939 was published on Feb 9, 2023

Insecure Permissions issue in jeecg-boot
High: CVE-2021-37305 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) on Feb 3, 2023

Insecure Permissions issue in jeecg-boot
High: CVE-2021-37304 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) on Feb 3, 2023

Insecure Permissions issue in jeecg-boot
High: CVE-2021-37306 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) on Feb 3, 2023

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x...
Moderate, Unreviewed: CVE-2023-22326 was published on Feb 1, 2023

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could...
High, Unreviewed: CVE-2022-42972 was published on Feb 1, 2023

Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users...
Moderate, Unreviewed: CVE-2022-37708 was published on Feb 1, 2023

Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote...
High, Unreviewed: CVE-2022-44715 was published on Jan 27, 2023

Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.
High, Unreviewed: CVE-2022-44263 was published on Jan 27, 2023

In exported content providers of ShannonRcs, there is a possible way to get access to protected...
Moderate, Unreviewed: CVE-2023-20923 was published on Jan 26, 2023

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to...
High, Unreviewed: CVE-2023-22592 was published on Jan 18, 2023

Dell command configuration, version 4.8 and prior, contains improper folder permission when...
High, Unreviewed: CVE-2022-34457 was published on Jan 18, 2023

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
Moderate, Unreviewed: CVE-2022-48257 was published on Jan 13, 2023

EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has...
Moderate, Unreviewed: CVE-2022-39186 was published on Jan 12, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15...
Moderate, Unreviewed: CVE-2022-4365 was published on Jan 12, 2023

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39...
Moderate, Unreviewed: CVE-2022-47927 was published on Jan 12, 2023

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
Moderate, Unreviewed: CVE-2022-4630 was published on Dec 21, 2022

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git...
High, Unreviewed: CVE-2022-38065 was published on Dec 21, 2022

SilverStripe Subsite weakens file permissions
Moderate: CVE-2022-42949 was published for silverstripe/subsites (Composer) on Dec 19, 2022

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected...
High, Unreviewed: CVE-2022-43517 was published on Dec 13, 2022

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for...
High, Unreviewed: CVE-2022-46792 was published on Dec 8, 2022

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper...
Moderate, Unreviewed: CVE-2022-23143 was published on Dec 6, 2022