GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,388 advisories

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update...
Moderate | Unreviewed | CVE-2023-0944 was published Apr 5, 2023

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
Moderate | Unreviewed | CVE-2022-43309 was published Apr 7, 2023

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms...
High | Unreviewed | CVE-2023-24626 was published Apr 8, 2023

CubeFS allows Kubernetes cluster-level privilege escalation
Moderate | CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos...
High | Unreviewed | CVE-2023-28960 was published Apr 18, 2023

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to...
High | Unreviewed | CVE-2023-22294 was published Apr 18, 2023

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could...
Moderate | Unreviewed | CVE-2023-28123 was published Apr 19, 2023

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM...
Moderate | Unreviewed | CVE-2023-0207 was published Apr 22, 2023

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on...
Critical | Unreviewed | CVE-2023-0834 was published Apr 28, 2023

An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute...
High | Unreviewed | CVE-2023-25438 was published May 4, 2023

Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows...
High | Unreviewed | CVE-2023-30399 was published May 4, 2023

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission...
High | Unreviewed | CVE-2023-28068 was published May 5, 2023

Apache Ranger Hive Plugin missing permissions check
High | CVE-2021-40331 was published for org.apache.ranger:ranger-hive-plugin (Maven) May 5, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate | Unreviewed | CVE-2023-2478 was published May 8, 2023

An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem...
High | Unreviewed | CVE-2023-29092 was published May 9, 2023

Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may...
High | Unreviewed | CVE-2022-46656 was published May 10, 2023

Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0...
High | Unreviewed | CVE-2022-41658 was published May 10, 2023

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows...
Moderate | Unreviewed | CVE-2022-41771 was published May 10, 2023

Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before...
High | Unreviewed | CVE-2022-38103 was published May 10, 2023

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows...
High | Unreviewed | CVE-2022-41699 was published May 10, 2023

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged ...
Moderate | Unreviewed | CVE-2023-31445 was published May 11, 2023

IBM API Connect V10 could allow an authenticated user to perform actions that they should not...
High | Unreviewed | CVE-2023-28522 was published May 12, 2023

Planet's secret file is created with excessive permissions
High | CVE-2023-32303 was published for planet (pip) May 12, 2023

Jenkins File Parameter Plugin arbitrary file write vulnerability
High | CVE-2023-32986 was published for io.jenkins.plugins:file-parameters (Maven) May 16, 2023

Jenkins Email Extension Plugin missing permission check
Moderate | CVE-2023-32979 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023

ProTip! Advisories are also available from the GraphQL API.