Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,874
Erlang
37
GitHub Actions
36
Go
2,520
Maven
5,000+
npm
4,160
NuGet
741
pip
3,961
Pub
12
RubyGems
946
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

651 advisories

Loading
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and... High Unreviewed
CVE-2016-5425 was published May 13, 2022
The CorsairService Service in Corsair Utility Engine is installed with insecure default... High Unreviewed
CVE-2018-12441 was published May 13, 2022
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory,... High Unreviewed
CVE-2018-10604 was published May 13, 2022
It was found that system umask policy is not being honored when creating XDG user directories,... High Unreviewed
CVE-2017-15131 was published May 13, 2022
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering... High Unreviewed
CVE-2015-7378 was published May 13, 2022
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business... High Unreviewed
CVE-2016-3943 was published May 13, 2022
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation... High Unreviewed
CVE-2016-6914 was published May 13, 2022
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder,... High Unreviewed
CVE-2015-7985 was published May 13, 2022
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows... High Unreviewed
CVE-2022-30594 was published May 13, 2022
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due... High Unreviewed
CVE-2022-20004 was published May 11, 2022
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive... High Unreviewed
CVE-2022-23802 was published May 7, 2022
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to... High Unreviewed
CVE-2006-5014 was published May 1, 2022
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with... High Unreviewed
CVE-2002-1844 was published Apr 30, 2022
Apache Tomcat may be started without proper security settings High
CVE-2002-0493 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. High Unreviewed
CVE-1999-0426 was published Apr 30, 2022
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is... High Unreviewed
CVE-2022-29585 was published Apr 29, 2022
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the... High Unreviewed
CVE-2022-29547 was published Apr 22, 2022
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager... High Unreviewed
CVE-2022-20732 was published Apr 22, 2022
The setup program for the affected product configures its files and folders with full access,... High Unreviewed
CVE-2021-43986 was published Apr 21, 2022
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the... High Unreviewed
CVE-2021-39794 was published Apr 13, 2022
Podman's default inheritable capabilities for linux container not empty High
CVE-2022-27649 was published for github.com/containers/podman/v4 (Go) Apr 1, 2022
AndrewGMorgan
In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible... High Unreviewed
CVE-2021-1000 was published Mar 31, 2022
In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission... High Unreviewed
CVE-2021-1033 was published Mar 31, 2022
In Traceur, there is a possible bypass of developer settings requirements for capturing system... High Unreviewed
CVE-2021-39780 was published Mar 31, 2022
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect... High Unreviewed
CVE-2022-26839 was published Mar 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database