Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

369 advisories

Loading
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for... Moderate Unreviewed
CVE-2021-44230 was published Dec 1, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... Moderate Unreviewed
CVE-2021-37058 was published Dec 8, 2021
WebExtensions with the correct permissions were able to create and install ServiceWorkers for... Moderate Unreviewed
CVE-2021-43540 was published Dec 9, 2021
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission... Moderate Unreviewed
CVE-2021-0931 was published Dec 16, 2021
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed
CVE-2021-35248 was published Dec 21, 2021
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and... Moderate Unreviewed
CVE-2021-3557 was published Feb 17, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged... Moderate Unreviewed
CVE-2022-25363 was published Feb 25, 2022
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write... Moderate Unreviewed
CVE-2022-0247 was published Feb 26, 2022
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1... Moderate Unreviewed
CVE-2020-27958 was published Feb 27, 2022
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The... Moderate Unreviewed
CVE-2022-26157 was published Mar 1, 2022
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels... Moderate Unreviewed
CVE-2021-3631 was published Mar 4, 2022
Ericsson Network Manager 20.2 has Insecure Permissions. Moderate Unreviewed
CVE-2021-28488 was published Mar 11, 2022
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4,... Moderate Unreviewed
CVE-2020-15388 was published Mar 19, 2022
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user... Moderate Unreviewed
CVE-2022-26247 was published Mar 21, 2022
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of... Moderate Unreviewed
CVE-2022-23869 was published Mar 31, 2022
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a... Moderate Unreviewed
CVE-2022-0803 was published Apr 6, 2022
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications ... Moderate Unreviewed
CVE-2022-21475 was published Apr 20, 2022
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC... Moderate Unreviewed
CVE-2021-38483 was published Apr 21, 2022
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls... Moderate Unreviewed
CVE-2021-23055 was published Apr 22, 2022
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7... Moderate Unreviewed
CVE-2007-5544 was published May 1, 2022
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp... Moderate Unreviewed
CVE-2008-0884 was published May 1, 2022
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which... Moderate Unreviewed
CVE-2009-1073 was published May 2, 2022
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of... Moderate Unreviewed
CVE-2009-3289 was published May 2, 2022
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions ... Moderate Unreviewed
CVE-2009-3482 was published May 2, 2022
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure... Moderate Unreviewed
CVE-2009-3489 was published May 2, 2022
ProTip! Advisories are also available from the GraphQL API