GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Incorrect Default Permissions in Apache Commons FileUpload
Low
CVE-2013-0248
was published
for
commons-fileupload:commons-fileupload
(Maven)
May 5, 2022
Octokit gem published with world-writable files
Low
CVE-2022-31072
was published
for
octokit
(RubyGems)
Jun 15, 2022
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1...
Low
Unreviewed
CVE-2022-30753
was published
Jul 13, 2022
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a...
Low
Unreviewed
CVE-2022-20310
was published
Aug 13, 2022
In ActivityManager, there is a possible disclosure of installed packages due to a missing...
Low
Unreviewed
CVE-2022-20315
was published
Aug 13, 2022
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise...
Low
Unreviewed
CVE-2021-25317
was published
May 24, 2022
In ContentService, there is a possible disclosure of available account types due to a missing...
Low
Unreviewed
CVE-2022-20305
was published
Aug 13, 2022
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a...
Low
Unreviewed
CVE-2022-20311
was published
Aug 13, 2022
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a...
Low
Unreviewed
CVE-2020-0009
was published
May 24, 2022
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2...
Low
Unreviewed
CVE-2019-17052
was published
May 24, 2022
Improper permission or value checking in the CLI console may allow a non-privileged user to...
Low
Unreviewed
CVE-2019-5593
was published
May 24, 2022
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic...
Low
Unreviewed
CVE-2020-0121
was published
May 24, 2022
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a...
Low
Unreviewed
CVE-2020-6480
was published
May 24, 2022
In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a...
Low
Unreviewed
CVE-2020-0135
was published
May 24, 2022
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to...
Low
Unreviewed
CVE-2020-0107
was published
May 24, 2022
SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem...
Low
Unreviewed
CVE-2020-26807
was published
May 24, 2022
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check....
Low
Unreviewed
CVE-2020-0412
was published
May 24, 2022
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After...
Low
Unreviewed
CVE-2020-11867
was published
May 24, 2022
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of...
Low
Unreviewed
CVE-2020-0459
was published
May 24, 2022
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission...
Low
Unreviewed
CVE-2020-27057
was published
May 24, 2022
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with...
Low
Unreviewed
CVE-2019-8777
was published
May 24, 2022
In SELinux policies of mls, there is a missing permission check. This could lead to local...
Low
Unreviewed
CVE-2020-27056
was published
May 24, 2022
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP...
Low
Unreviewed
CVE-2021-25359
was published
May 24, 2022
Trusty TLK contains a vulnerability in its access permission settings where it does not properly...
Low
Unreviewed
CVE-2021-34395
was published
May 24, 2022
In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a...
Low
Unreviewed
CVE-2022-20327
was published
Aug 13, 2022
ProTip!
Advisories are also available from the
GraphQL API