Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

461 advisories

Loading
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Moderate Unreviewed
CVE-2022-4630 was published Dec 21, 2022
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper... Moderate Unreviewed
CVE-2022-23143 was published Dec 6, 2022
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the... Moderate Unreviewed
CVE-2022-45305 was published Nov 29, 2022
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the... Moderate Unreviewed
CVE-2022-45301 was published Nov 29, 2022
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the... Moderate Unreviewed
CVE-2022-45304 was published Nov 29, 2022
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all... Moderate Unreviewed
CVE-2022-45306 was published Nov 29, 2022
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the... Moderate Unreviewed
CVE-2022-45307 was published Nov 29, 2022
Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master... Moderate Unreviewed
CVE-2022-44280 was published Nov 23, 2022
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on... Moderate Unreviewed
CVE-2022-38461 was published Nov 18, 2022
Sensitive information disclosure due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2022-44746 was published Nov 8, 2022
A permissions issue existed. This issue was addressed with improved permission validation. This... Moderate Unreviewed
CVE-2022-42788 was published Nov 2, 2022
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change... Moderate Unreviewed
CVE-2022-41471 was published Oct 17, 2022
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before... Moderate Unreviewed
CVE-2022-3325 was published Oct 17, 2022
The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol... Moderate Unreviewed
CVE-2022-26238 was published Oct 7, 2022
The default privileges for the running service Normand Remisol Advance Launcher in Beckman... Moderate Unreviewed
CVE-2022-26236 was published Oct 7, 2022
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement... Moderate Unreviewed
CVE-2022-2975 was published Oct 6, 2022
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol... Moderate Unreviewed
CVE-2022-26237 was published Oct 6, 2022
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol... Moderate Unreviewed
CVE-2022-26239 was published Oct 6, 2022
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol... Moderate Unreviewed
CVE-2022-26240 was published Oct 6, 2022
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with... Moderate Unreviewed
CVE-2022-23726 was published Oct 1, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. Moderate Unreviewed
CVE-2020-15328 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. Moderate Unreviewed
CVE-2020-15329 was published Sep 30, 2022
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to... Moderate Unreviewed
CVE-2022-40817 was published Sep 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database