GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
208 advisories
Filter by severity
When installing Nessus Agent to a directory outside of the default location on a Windows host,...
High
Unreviewed
CVE-2024-3291
was published
May 17, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service
Moderate
CVE-2024-1726
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Apr 25, 2024
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
GHSA-x883-2vmg-xwf7
was published
for
github.com/authelia/authelia/v4
(Go)
Apr 22, 2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get...
Low
Unreviewed
CVE-2024-22177
was published
Apr 2, 2024
Apache Airflow Improper Preservation of Permissions vulnerability
Moderate
CVE-2024-29735
was published
for
apache-airflow
(pip)
Mar 26, 2024
Anope before 2.0.15 does not prevent resetting the password of a suspended account.
Moderate
Unreviewed
CVE-2024-30187
was published
Mar 25, 2024
Apache Airflow: Ignored Airflow Permission
Moderate
CVE-2024-28746
was published
for
apache-airflow
(pip)
Mar 14, 2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through...
Moderate
Unreviewed
CVE-2024-21816
was published
Mar 4, 2024
Missing permission checks on Hazelcast client protocol
High
CVE-2023-45859
was published
for
com.hazelcast:hazelcast
(Maven)
Feb 27, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Improper Preservation of Permissions in etcd
Moderate
CVE-2020-15113
was published
for
github.com/etcd-io/etcd
(Go)
Jan 30, 2024
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,...
Moderate
Unreviewed
CVE-2024-0674
was published
Jan 30, 2024
Insufficient macro permission validation of The Document Foundation LibreOffice allows an...
High
Unreviewed
CVE-2023-6186
was published
Dec 11, 2023
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote...
Critical
Unreviewed
CVE-2023-47463
was published
Nov 30, 2023
Improperly calculated effective permissions in M-Files Server versions 23.9 and 23.10 and 23.11...
Moderate
Unreviewed
CVE-2023-6239
was published
Nov 28, 2023
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write...
High
Unreviewed
CVE-2023-43612
was published
Nov 20, 2023
Netskope was made aware of a security vulnerability in its NSClient product for version 100 &...
Moderate
Unreviewed
CVE-2023-4996
was published
Nov 6, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
OpenSearch Issue with tenant read-only permissions
Moderate
CVE-2023-45807
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Oct 17, 2023
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before...
High
Unreviewed
CVE-2023-39902
was published
Oct 17, 2023
Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows...
Low
Unreviewed
CVE-2023-30735
was published
Oct 4, 2023
The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory....
Moderate
Unreviewed
CVE-2022-47637
was published
Sep 13, 2023
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin
High
CVE-2023-41939
was published
for
org.jenkins-ci.plugins:ssh2easy
(Maven)
Sep 6, 2023
ProTip!
Advisories are also available from the
GraphQL API