Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
Improper permission control in the mobile application (com.android.server.telecom) may lead to... Low Unreviewed
CVE-2024-6780 was published Jul 16, 2024
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path... Low Unreviewed
CVE-2024-10228 was published Oct 30, 2024
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier... Low Unreviewed
CVE-2024-46897 was published Oct 18, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-43845 was published Sep 25, 2024
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform... Low Unreviewed
CVE-2023-49578 was published Dec 12, 2023
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754,... Low Unreviewed
CVE-2023-32114 was published Jun 13, 2023
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead... Low Unreviewed
CVE-2023-5937 was published May 15, 2024
Incorrect Permission Assignment for Critical Resource in Ansible Low
CVE-2020-1736 was published for ansible (pip) Feb 9, 2022
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could... Low Unreviewed
CVE-2022-33167 was published Jul 30, 2024
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for... Low Unreviewed
CVE-2005-4868 was published May 1, 2022
Apache Solr Schema Designer blindly "trusts" all configsets Low
CVE-2023-50292 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control... Low Unreviewed
CVE-2001-0006 was published Apr 30, 2022
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3)... Low Unreviewed
CVE-2004-1714 was published Apr 29, 2022
common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777... Low Unreviewed
CVE-2009-3611 was published May 2, 2022
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with... Low Unreviewed
CVE-2009-0141 was published May 2, 2022
Default permissions for a properties file were too permissive. Local system users could read... Low Unreviewed
CVE-2023-26427 was published Jun 20, 2023
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to... Low Unreviewed
CVE-2020-0904 was published May 24, 2022
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022... Low Unreviewed
CVE-2022-39887 was published Nov 10, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued Low
CVE-2022-39284 was published for codeigniter4/framework (Composer) Oct 6, 2022
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows... Low Unreviewed
CVE-2022-33689 was published Jul 13, 2022
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local... Low Unreviewed
CVE-2021-25519 was published Dec 9, 2021
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users... Low Unreviewed
CVE-2019-2389 was published May 24, 2022
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission... Low Unreviewed
CVE-2019-14824 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database