GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,640
Maven: 5,000+
npm: 4,265
NuGet: 760
pip: 4,061
Pub: 12
RubyGems: 956
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
1,388 advisories
In Keyguard, there is a missing permission check. This could lead to local escalation of...
High | Unreviewed | CVE-2022-20274 was published Aug 13, 2022

In Telephony, there is a possible information disclosure due to a missing permission check. This...
Moderate | Unreviewed | CVE-2022-20284 was published Aug 13, 2022

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass....
Moderate | Unreviewed | CVE-2022-20290 was published Aug 13, 2022

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission...
High | Unreviewed | CVE-2022-20329 was published Aug 13, 2022

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user...
Low | Unreviewed | CVE-2022-20330 was published Aug 13, 2022

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a...
Moderate | Unreviewed | CVE-2022-32544 was published Aug 19, 2022

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows...
Moderate | Unreviewed | CVE-2022-32583 was published Aug 19, 2022

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows...
Moderate | Unreviewed | CVE-2022-33311 was published Aug 19, 2022

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6...
High | Unreviewed | CVE-2022-32777 was published Aug 23, 2022

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6...
High | Unreviewed | CVE-2022-32778 was published Aug 23, 2022

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion...
Moderate | Unreviewed | CVE-2022-36687 was published Aug 29, 2022

Apache ShenYu Admin has insecure permissions
High | CVE-2022-37435 was published for org.apache.shenyu:shenyu-common (Maven) Sep 2, 2022

Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an...
High | Unreviewed | CVE-2022-37458 was published Sep 3, 2022

IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated...
Moderate | Unreviewed | CVE-2022-37771 was published Sep 7, 2022

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing...
Moderate | Unreviewed | CVE-2022-36670 was published Sep 7, 2022

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both...
High | Unreviewed | CVE-2022-37190 was published Sep 14, 2022

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to...
High | Unreviewed | CVE-2022-20398 was published Sep 14, 2022

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due...
Moderate | Unreviewed | CVE-2022-20399 was published Sep 14, 2022

Talos worker join token can be used to get elevated access level to the Talos API
High | CVE-2022-36103 was published for github.com/talos-systems/talos (Go) Sep 16, 2022

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster...
High | Unreviewed | CVE-2022-2332 was published Sep 17, 2022

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High | CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) Sep 20, 2022

In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to...
Critical | Unreviewed | CVE-2017-20148 was published Sep 21, 2022

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included...
Critical | Unreviewed | CVE-2022-28802 was published Sep 22, 2022

Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to...
High | Unreviewed | CVE-2022-40298 was published Sep 25, 2022

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate | Unreviewed | CVE-2022-32227 was published Sep 25, 2022
ProTip! Advisories are also available from the GraphQL API