GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,230
Composer 4,347
Erlang 31
GitHub Actions 22
Go 2,117
Maven 5,289
npm 3,768
NuGet 680
pip 3,457
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,668

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,232 advisories

Filter by severity

Sort by

Least recently updated

File and directory permissions have been corrected to prevent unintended users from modifying or... Critical Unreviewed

CVE-2022-22988 was published Jan 14, 2022

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges,... High Unreviewed

CVE-2021-42562 was published Jan 13, 2022

Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate

CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022

Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate

CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022

Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate

CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default... High Unreviewed

CVE-2021-23244 was published Dec 28, 2021

Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition... High Unreviewed

CVE-2021-20874 was published Dec 25, 2021

Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited... High Unreviewed

CVE-2021-27445 was published Dec 22, 2021

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed

CVE-2021-35248 was published Dec 21, 2021

Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High

CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021

Incorrect Permission Assignment for Critical Resource in Singularity High

CVE-2019-11328 was published for github.com/sylabs/singularity (Go) Dec 20, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE... High Unreviewed

CVE-2021-42309 was published Dec 16, 2021

In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This... High Unreviewed

CVE-2021-0904 was published Dec 16, 2021

In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission... Moderate Unreviewed

CVE-2021-0931 was published Dec 16, 2021

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local... Low Unreviewed

CVE-2021-25519 was published Dec 9, 2021

WebExtensions with the correct permissions were able to create and install ServiceWorkers for... Moderate Unreviewed

CVE-2021-43540 was published Dec 9, 2021

World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a... High Unreviewed

CVE-2021-44512 was published Dec 8, 2021

There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... Moderate Unreviewed

CVE-2021-37058 was published Dec 8, 2021

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file... High Unreviewed

CVE-2021-43034 was published Dec 7, 2021

HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical

CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access... High Unreviewed

CVE-2021-43359 was published Dec 2, 2021

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbHâ€™s TopEaseÂ®... Critical Unreviewed

CVE-2021-42115 was published Dec 1, 2021

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to... High Unreviewed

CVE-2021-40101 was published Dec 1, 2021

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for... Moderate Unreviewed

CVE-2021-44230 was published Dec 1, 2021

Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation... High Unreviewed

CVE-2021-43019 was published Nov 24, 2021

Previous 1 2 … 46 47 48 49 50 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,232 advisories