GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
611 advisories
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for...
High | Unreviewed | CVE-2021-0064 was published Nov 18, 2021

The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are...
High | Unreviewed | CVE-2018-20798 was published May 13, 2022

Insecure Inherited Permissions in neoan3-apps/template
High | CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High | CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS...
High | Unreviewed | CVE-2018-8411 was published May 13, 2022

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to...
High | Unreviewed | CVE-2021-40101 was published Dec 1, 2021

World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a...
High | Unreviewed | CVE-2021-44512 was published Dec 8, 2021

In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This...
High | Unreviewed | CVE-2021-0904 was published Dec 16, 2021

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5)...
High | Unreviewed | CVE-2017-16895 was published May 13, 2022

Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration...
High | Unreviewed | CVE-2017-16882 was published May 13, 2022

** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability...
High | Unreviewed | CVE-2018-7311 was published May 13, 2022

Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1...
High | Unreviewed | CVE-2018-6755 was published May 13, 2022

** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl...
High | Unreviewed | CVE-2018-11116 was published May 13, 2022

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login...
High | Unreviewed | CVE-2018-5413 was published May 13, 2022

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could...
High | Unreviewed | CVE-2018-1711 was published May 13, 2022

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have...
High | Unreviewed | CVE-2018-1551 was published May 13, 2022

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS...
High | Unreviewed | CVE-2022-22248 was published Oct 18, 2022

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container...
High | Unreviewed | CVE-2018-1069 was published May 13, 2022

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7...
High | Unreviewed | CVE-2018-1053 was published May 13, 2022

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10,...
High | Unreviewed | CVE-2018-11454 was published May 13, 2022

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10,...
High | Unreviewed | CVE-2018-11453 was published May 13, 2022

IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in...
High | Unreviewed | CVE-2018-1750 was published May 13, 2022

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53...
High | Unreviewed | CVE-2018-10843 was published May 13, 2022

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to...
High | Unreviewed | CVE-2017-5260 was published May 13, 2022

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions...
High | Unreviewed | CVE-2018-11078 was published May 13, 2022