GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,077 advisories
Filter by severity
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and...
High
Unreviewed
CVE-2016-5425
was published
May 13, 2022
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default...
Moderate
Unreviewed
CVE-2019-0683
was published
May 13, 2022
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function...
Moderate
Unreviewed
CVE-2018-14335
was published
May 13, 2022
The CorsairService Service in Corsair Utility Engine is installed with insecure default...
High
Unreviewed
CVE-2018-12441
was published
May 13, 2022
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory,...
High
Unreviewed
CVE-2018-10604
was published
May 13, 2022
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other...
Low
Unreviewed
CVE-2012-4453
was published
May 13, 2022
Moodle Incorrect Default Settings
Moderate
CVE-2011-4285
was published
for
moodle/moodle
(Composer)
May 13, 2022
It was found that system umask policy is not being honored when creating XDG user directories,...
High
Unreviewed
CVE-2017-15131
was published
May 13, 2022
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests,...
Moderate
Unreviewed
CVE-2011-4361
was published
May 13, 2022
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering...
High
Unreviewed
CVE-2015-7378
was published
May 13, 2022
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business...
High
Unreviewed
CVE-2016-3943
was published
May 13, 2022
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation...
High
Unreviewed
CVE-2016-6914
was published
May 13, 2022
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change...
Moderate
Unreviewed
CVE-2013-4394
was published
May 13, 2022
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder,...
High
Unreviewed
CVE-2015-7985
was published
May 13, 2022
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10...
Moderate
Unreviewed
CVE-2019-3870
was published
May 13, 2022
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows...
High
Unreviewed
CVE-2022-30594
was published
May 13, 2022
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due...
High
Unreviewed
CVE-2022-20004
was published
May 11, 2022
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive...
High
Unreviewed
CVE-2022-23802
was published
May 7, 2022
Incorrect Default Permissions in Apache Commons FileUpload
Low
CVE-2013-0248
was published
for
commons-fileupload:commons-fileupload
(Maven)
May 5, 2022
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages...
Moderate
Unreviewed
CVE-2013-4763
was published
May 5, 2022
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3)...
Low
Unreviewed
CVE-2005-1941
was published
May 1, 2022
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with...
High
Unreviewed
CVE-2002-1844
was published
Apr 30, 2022
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home...
Low
Unreviewed
CVE-2002-1713
was published
Apr 30, 2022
Apache Tomcat may be started without proper security settings
High
CVE-2002-0493
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure...
Moderate
Unreviewed
CVE-2001-0497
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API