Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,518
Maven
5,000+
npm
4,156
NuGet
736
pip
3,955
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,336 advisories

Loading
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to... Moderate Unreviewed
CVE-2024-46544 was published Sep 23, 2024
An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the... Moderate Unreviewed
CVE-2025-41665 was published Jul 8, 2025
The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-11089 was published Jul 7, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due... Critical Unreviewed
CVE-2025-34090 was published Jul 2, 2025
Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect... High Unreviewed
CVE-2025-46014 was published Jun 30, 2025
pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user... Critical Unreviewed
CVE-2014-7210 was published Jun 26, 2025
Liferay Portal and Liferay DXP does not properly check user permission Moderate
CVE-2021-33327 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
The Nix, Lix, and Guix package managers default to using temporary build directories in a world... Low Unreviewed
CVE-2025-52991 was published Jun 27, 2025
A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local... Moderate Unreviewed
CVE-2025-39201 was published Jun 24, 2025
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd-ui (RubyGems) Apr 4, 2023
kenhys
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio... Moderate Unreviewed
CVE-2022-4964 was published Jan 24, 2024
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple... Moderate Unreviewed
CVE-2025-5255 was published Jun 20, 2025
The Postbox's configuration on macOS, specifically the presence of entitlements: "com.apple... Moderate Unreviewed
CVE-2025-5963 was published Jun 20, 2025
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed... Critical Unreviewed
CVE-2025-6179 was published Jun 16, 2025
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non... High Unreviewed
CVE-2025-36632 was published Jun 16, 2025
An incorrect default permissions vulnerability was reported in the MotoSignature application that... Low Unreviewed
CVE-2025-1699 was published Jun 11, 2025
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected... Critical Unreviewed
CVE-2025-40585 was published Jun 10, 2025
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y... Moderate Unreviewed
CVE-2024-23301 was published Jan 13, 2024
Local privilege escalation due to insecure file permissions. The following products are affected:... Moderate Unreviewed
CVE-2025-48959 was published Jun 4, 2025
Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code... High Unreviewed
CVE-2025-46355 was published Jun 3, 2025
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free... High Unreviewed
CVE-2025-23105 was published Jun 2, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in... Moderate Unreviewed
CVE-2025-31261 was published May 30, 2025
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow... High Unreviewed
CVE-2025-2502 was published May 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database