Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

101 advisories

Loading
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view... Critical Unreviewed
CVE-2025-45150 was published Aug 1, 2025
Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a... Critical Unreviewed
CVE-2014-125121 was published Jul 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-43243 was published Jul 30, 2025
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues... Critical Unreviewed
CVE-2025-26469 was published Jul 28, 2025
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker... Critical Unreviewed
CVE-2017-20198 was published Jul 23, 2025
The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions,... Critical Unreviewed
CVE-2025-25373 was published Mar 25, 2025
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-57520 was published Feb 6, 2025
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. Critical Unreviewed
CVE-2024-55959 was published Jan 21, 2025
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an... Critical Unreviewed
CVE-2024-38337 was published Jan 19, 2025
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication... Critical Unreviewed
CVE-2025-0066 was published Jan 14, 2025
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for... Critical Unreviewed
CVE-2024-53931 was published Jan 7, 2025
The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme)... Critical Unreviewed
CVE-2024-53932 was published Jan 7, 2025
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v... Critical Unreviewed
CVE-2024-41647 was published Dec 7, 2024
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead... Critical Unreviewed
CVE-2024-10018 was published Oct 16, 2024
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows... Critical Unreviewed
CVE-2024-24117 was published Oct 2, 2024
Improper permission configurationDomain configuration vulnerability of the mobile application ... Critical Unreviewed
CVE-2024-8039 was published Sep 16, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All... Critical Unreviewed
CVE-2024-41171 was published Sep 10, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics... Critical Unreviewed
CVE-2024-5618 was published Jul 18, 2024
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user... Critical Unreviewed
CVE-2024-5163 was published Jun 17, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed
CVE-2024-33499 was published May 14, 2024
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi... Critical Unreviewed
CVE-2024-33435 was published Apr 29, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue... Critical Unreviewed
CVE-2024-3375 was published Apr 29, 2024
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform... Critical Unreviewed
CVE-2024-21915 was published Feb 16, 2024
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign... Critical Unreviewed
CVE-2020-36770 was published Jan 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database